Cross Reference: /u-boot/tools/fit

History log of /u-boot/tools/fit_common.c
Revision	Date	Author	Comments
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7c665e15	09-Apr-2024	Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>	tools: copyfile: use 64k instead of 512 buffer This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	This contributor prefers not to receive mails <noreply@example.com>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2972d7d6	29-Mar-2023	Pali Rohár <pali@kernel.org>	tools: imagetool: Extend print_header() by params argument This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 2d2384bb	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: mkimage: Show where signatures/keys are written At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org>
# 7ae46c35	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Avoid leaving extra data at the end of copied files The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org>
# e291a5c9	12-Nov-2021	Simon Glass <sjg@chromium.org>	tools: Move copyfile() into a common file This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 6f08eee6	10-Jan-2022	Stefan Eichenberger <eichest@gmail.com>	tools/fitimage: make sure dumpimage still works when "@" are detected fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# c5819701	15-Feb-2021	Simon Glass <sjg@chromium.org>	image: Adjust the workings of fit_check_format() At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 7d57485a	14-May-2019	Luca Boccassi <luca.boccassi@microsoft.com>	tools: use read-only mmap in fit_check_sign Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
# d32aa3ca	05-Mar-2019	Jordan Hand <jordanhand22@gmail.com>	fdt: Fix FIT header verification in mkimage and conduct same checks as bootm FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com>
# 83d290c5	06-May-2018	Tom Rini <trini@konsulko.com>	SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
# a9468115	02-Jun-2014	Simon Glass <sjg@chromium.org>	mkimage: Automatically make space in FDT when full When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space. Signed-off-by: Simon Glass <sjg@chromium.org>
# ef0af64b	02-Jun-2014	Simon Glass <sjg@chromium.org>	Improve error handling in fit_common Make the error handling common, and make sure the file is always closed on error. Rename the parameter to be more description and add comments. Signed-off-by: Simon Glass <sjg@chromium.org>
# 6bf4ca07	02-Mar-2014	Heiko Schocher <hs@denx.de>	tools, fit: add fit_info host command add fit_info command to the host tools. This command prints the name, offset and the len from a property from a node in a fit file. This info can be used to extract a properties data with linux tools, for example "dd". Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org>