1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Freescale i.MX23/i.MX28 SB image generator
4  *
5  * Copyright (C) 2012-2013 Marek Vasut <marex@denx.de>
6  */
7 
8 #ifdef CONFIG_MXS
9 
10 #include <errno.h>
11 #include <fcntl.h>
12 #include <stdio.h>
13 #include <string.h>
14 #include <unistd.h>
15 #include <limits.h>
16 
17 #include <openssl/evp.h>
18 
19 #include "imagetool.h"
20 #include "mxsimage.h"
21 #include "pbl_crc32.h"
22 #include <image.h>
23 
24 /*
25  * OpenSSL 1.1.0 and newer compatibility functions:
26  * https://wiki.openssl.org/index.php/1.1_API_Changes
27  */
28 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
29     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
OPENSSL_zalloc(size_t num)30 static void *OPENSSL_zalloc(size_t num)
31 {
32 	void *ret = OPENSSL_malloc(num);
33 
34 	if (ret != NULL)
35 		memset(ret, 0, num);
36 	return ret;
37 }
38 
EVP_MD_CTX_new(void)39 EVP_MD_CTX *EVP_MD_CTX_new(void)
40 {
41 	return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
42 }
43 
EVP_MD_CTX_free(EVP_MD_CTX * ctx)44 void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
45 {
46 	EVP_MD_CTX_cleanup(ctx);
47 	OPENSSL_free(ctx);
48 }
49 
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX * ctx)50 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
51 {
52 	return EVP_CIPHER_CTX_cleanup(ctx);
53 }
54 #endif
55 
56 /*
57  * DCD block
58  * |-Write to address command block
59  * |  0xf00 == 0xf33d
60  * |  0xba2 == 0xb33f
61  * |-ORR address with mask command block
62  * |  0xf00 |= 0x1337
63  * |-Write to address command block
64  * |  0xba2 == 0xd00d
65  * :
66  */
67 #define SB_HAB_DCD_WRITE	0xccUL
68 #define SB_HAB_DCD_CHECK	0xcfUL
69 #define SB_HAB_DCD_NOOP		0xc0UL
70 #define SB_HAB_DCD_MASK_BIT	(1 << 3)
71 #define SB_HAB_DCD_SET_BIT	(1 << 4)
72 
73 /* Addr.n = Value.n */
74 #define	SB_DCD_WRITE	\
75 	(SB_HAB_DCD_WRITE << 24)
76 /* Addr.n &= ~Value.n */
77 #define	SB_DCD_ANDC	\
78 	((SB_HAB_DCD_WRITE << 24) | SB_HAB_DCD_SET_BIT)
79 /* Addr.n |= Value.n */
80 #define	SB_DCD_ORR	\
81 	((SB_HAB_DCD_WRITE << 24) | SB_HAB_DCD_SET_BIT | SB_HAB_DCD_MASK_BIT)
82 /* (Addr.n & Value.n) == 0 */
83 #define	SB_DCD_CHK_EQZ	\
84 	(SB_HAB_DCD_CHECK << 24)
85 /* (Addr.n & Value.n) == Value.n */
86 #define	SB_DCD_CHK_EQ	\
87 	((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_SET_BIT)
88 /* (Addr.n & Value.n) != Value.n */
89 #define	SB_DCD_CHK_NEQ	\
90 	((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_MASK_BIT)
91 /* (Addr.n & Value.n) != 0 */
92 #define	SB_DCD_CHK_NEZ	\
93 	((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_SET_BIT | SB_HAB_DCD_MASK_BIT)
94 /* NOP */
95 #define	SB_DCD_NOOP	\
96 	(SB_HAB_DCD_NOOP << 24)
97 
98 struct sb_dcd_ctx {
99 	struct sb_dcd_ctx		*dcd;
100 
101 	uint32_t			id;
102 
103 	/* The DCD block. */
104 	uint32_t			*payload;
105 	/* Size of the whole DCD block. */
106 	uint32_t			size;
107 
108 	/* Pointer to previous DCD command block. */
109 	uint32_t			*prev_dcd_head;
110 };
111 
112 /*
113  * IMAGE
114  *   |-SECTION
115  *   |    |-CMD
116  *   |    |-CMD
117  *   |    `-CMD
118  *   |-SECTION
119  *   |    |-CMD
120  *   :    :
121  */
122 struct sb_cmd_list {
123 	char				*cmd;
124 	size_t				len;
125 	unsigned int			lineno;
126 };
127 
128 struct sb_cmd_ctx {
129 	uint32_t			size;
130 
131 	struct sb_cmd_ctx		*cmd;
132 
133 	uint8_t				*data;
134 	uint32_t			length;
135 
136 	struct sb_command		payload;
137 	struct sb_command		c_payload;
138 };
139 
140 struct sb_section_ctx {
141 	uint32_t			size;
142 
143 	/* Section flags */
144 	unsigned int			boot:1;
145 
146 	struct sb_section_ctx		*sect;
147 
148 	struct sb_cmd_ctx		*cmd_head;
149 	struct sb_cmd_ctx		*cmd_tail;
150 
151 	struct sb_sections_header	payload;
152 };
153 
154 struct sb_image_ctx {
155 	unsigned int			in_section:1;
156 	unsigned int			in_dcd:1;
157 	/* Image configuration */
158 	unsigned int			display_progress:1;
159 	unsigned int			silent_dump:1;
160 	char				*input_filename;
161 	char				*output_filename;
162 	char				*cfg_filename;
163 	uint8_t				image_key[16];
164 
165 	/* Number of section in the image */
166 	unsigned int			sect_count;
167 	/* Bootable section */
168 	unsigned int			sect_boot;
169 	unsigned int			sect_boot_found:1;
170 
171 	struct sb_section_ctx		*sect_head;
172 	struct sb_section_ctx		*sect_tail;
173 
174 	struct sb_dcd_ctx		*dcd_head;
175 	struct sb_dcd_ctx		*dcd_tail;
176 
177 	EVP_CIPHER_CTX			*cipher_ctx;
178 	EVP_MD_CTX			*md_ctx;
179 	uint8_t				digest[32];
180 	struct sb_key_dictionary_key	sb_dict_key;
181 
182 	struct sb_boot_image_header	payload;
183 };
184 
185 /*
186  * Instruction semantics:
187  * NOOP
188  * TAG [LAST]
189  * LOAD       address file
190  * LOAD  IVT  address IVT_entry_point
191  * FILL address pattern length
192  * JUMP [HAB] address [r0_arg]
193  * CALL [HAB] address [r0_arg]
194  * MODE mode
195  *      For i.MX23, mode = USB/I2C/SPI1_FLASH/SPI2_FLASH/NAND_BCH
196  *                         JTAG/SPI3_EEPROM/SD_SSP0/SD_SSP1
197  *      For i.MX28, mode = USB/I2C/SPI2_FLASH/SPI3_FLASH/NAND_BCH
198  *                         JTAG/SPI2_EEPROM/SD_SSP0/SD_SSP1
199  */
200 
201 /*
202  * AES libcrypto
203  */
sb_aes_init(struct sb_image_ctx * ictx,uint8_t * iv,int enc)204 static int sb_aes_init(struct sb_image_ctx *ictx, uint8_t *iv, int enc)
205 {
206 	EVP_CIPHER_CTX *ctx;
207 	int ret;
208 
209 	/* If there is no init vector, init vector is all zeroes. */
210 	if (!iv)
211 		iv = ictx->image_key;
212 
213 	ctx = EVP_CIPHER_CTX_new();
214 	ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), ictx->image_key, iv, enc);
215 	if (ret == 1) {
216 		EVP_CIPHER_CTX_set_padding(ctx, 0);
217 		ictx->cipher_ctx = ctx;
218 	}
219 	return ret;
220 }
221 
sb_aes_crypt(struct sb_image_ctx * ictx,uint8_t * in_data,uint8_t * out_data,int in_len)222 static int sb_aes_crypt(struct sb_image_ctx *ictx, uint8_t *in_data,
223 			uint8_t *out_data, int in_len)
224 {
225 	EVP_CIPHER_CTX *ctx = ictx->cipher_ctx;
226 	int ret, outlen;
227 	uint8_t *outbuf;
228 
229 	outbuf = malloc(in_len);
230 	if (!outbuf)
231 		return -ENOMEM;
232 	memset(outbuf, 0, sizeof(in_len));
233 
234 	ret = EVP_CipherUpdate(ctx, outbuf, &outlen, in_data, in_len);
235 	if (!ret) {
236 		ret = -EINVAL;
237 		goto err;
238 	}
239 
240 	if (out_data)
241 		memcpy(out_data, outbuf, outlen);
242 
243 err:
244 	free(outbuf);
245 	return ret;
246 }
247 
sb_aes_deinit(EVP_CIPHER_CTX * ctx)248 static int sb_aes_deinit(EVP_CIPHER_CTX *ctx)
249 {
250 	return EVP_CIPHER_CTX_reset(ctx);
251 }
252 
sb_aes_reinit(struct sb_image_ctx * ictx,int enc)253 static int sb_aes_reinit(struct sb_image_ctx *ictx, int enc)
254 {
255 	int ret;
256 	EVP_CIPHER_CTX *ctx = ictx->cipher_ctx;
257 	struct sb_boot_image_header *sb_header = &ictx->payload;
258 	uint8_t *iv = sb_header->iv;
259 
260 	ret = sb_aes_deinit(ctx);
261 	if (!ret)
262 		return ret;
263 	return sb_aes_init(ictx, iv, enc);
264 }
265 
266 /*
267  * Debug
268  */
soprintf(struct sb_image_ctx * ictx,const char * fmt,...)269 static void soprintf(struct sb_image_ctx *ictx, const char *fmt, ...)
270 {
271 	va_list ap;
272 
273 	if (ictx->silent_dump)
274 		return;
275 
276 	va_start(ap, fmt);
277 	vfprintf(stdout, fmt, ap);
278 	va_end(ap);
279 }
280 
281 /*
282  * Code
283  */
sb_get_timestamp(void)284 static time_t sb_get_timestamp(void)
285 {
286 	struct tm time_2000 = {
287 		.tm_yday	= 1,	/* Jan. 1st */
288 		.tm_year	= 100,	/* 2000 */
289 	};
290 	time_t seconds_to_2000 = mktime(&time_2000);
291 	time_t seconds_to_now = time(NULL);
292 
293 	return seconds_to_now - seconds_to_2000;
294 }
295 
sb_get_time(time_t time,struct tm * tm)296 static int sb_get_time(time_t time, struct tm *tm)
297 {
298 	struct tm time_2000 = {
299 		.tm_yday	= 1,	/* Jan. 1st */
300 		.tm_year	= 0,	/* 1900 */
301 	};
302 	const time_t seconds_to_2000 = mktime(&time_2000);
303 	const time_t seconds_to_now = seconds_to_2000 + time;
304 	struct tm *ret;
305 	ret = gmtime_r(&seconds_to_now, tm);
306 	return ret ? 0 : -EINVAL;
307 }
308 
sb_encrypt_sb_header(struct sb_image_ctx * ictx)309 static void sb_encrypt_sb_header(struct sb_image_ctx *ictx)
310 {
311 	EVP_MD_CTX *md_ctx = ictx->md_ctx;
312 	struct sb_boot_image_header *sb_header = &ictx->payload;
313 	uint8_t *sb_header_ptr = (uint8_t *)sb_header;
314 
315 	/* Encrypt the header, compute the digest. */
316 	sb_aes_crypt(ictx, sb_header_ptr, NULL, sizeof(*sb_header));
317 	EVP_DigestUpdate(md_ctx, sb_header_ptr, sizeof(*sb_header));
318 }
319 
sb_encrypt_sb_sections_header(struct sb_image_ctx * ictx)320 static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx)
321 {
322 	EVP_MD_CTX *md_ctx = ictx->md_ctx;
323 	struct sb_section_ctx *sctx = ictx->sect_head;
324 	struct sb_sections_header *shdr;
325 	uint8_t *sb_sections_header_ptr;
326 	const int size = sizeof(*shdr);
327 
328 	while (sctx) {
329 		shdr = &sctx->payload;
330 		sb_sections_header_ptr = (uint8_t *)shdr;
331 
332 		sb_aes_crypt(ictx, sb_sections_header_ptr,
333 			     ictx->sb_dict_key.cbc_mac, size);
334 		EVP_DigestUpdate(md_ctx, sb_sections_header_ptr, size);
335 
336 		sctx = sctx->sect;
337 	};
338 }
339 
sb_encrypt_key_dictionary_key(struct sb_image_ctx * ictx)340 static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx)
341 {
342 	EVP_MD_CTX *md_ctx = ictx->md_ctx;
343 
344 	sb_aes_crypt(ictx, ictx->image_key, ictx->sb_dict_key.key,
345 		     sizeof(ictx->sb_dict_key.key));
346 	EVP_DigestUpdate(md_ctx, &ictx->sb_dict_key, sizeof(ictx->sb_dict_key));
347 }
348 
sb_decrypt_key_dictionary_key(struct sb_image_ctx * ictx)349 static void sb_decrypt_key_dictionary_key(struct sb_image_ctx *ictx)
350 {
351 	EVP_MD_CTX *md_ctx = ictx->md_ctx;
352 
353 	EVP_DigestUpdate(md_ctx, &ictx->sb_dict_key, sizeof(ictx->sb_dict_key));
354 	sb_aes_crypt(ictx, ictx->sb_dict_key.key, ictx->image_key,
355 		     sizeof(ictx->sb_dict_key.key));
356 }
357 
sb_encrypt_tag(struct sb_image_ctx * ictx,struct sb_cmd_ctx * cctx)358 static void sb_encrypt_tag(struct sb_image_ctx *ictx,
359 		struct sb_cmd_ctx *cctx)
360 {
361 	EVP_MD_CTX *md_ctx = ictx->md_ctx;
362 	struct sb_command *cmd = &cctx->payload;
363 
364 	sb_aes_crypt(ictx, (uint8_t *)cmd,
365 		     (uint8_t *)&cctx->c_payload, sizeof(*cmd));
366 	EVP_DigestUpdate(md_ctx, &cctx->c_payload, sizeof(*cmd));
367 }
368 
sb_encrypt_image(struct sb_image_ctx * ictx)369 static int sb_encrypt_image(struct sb_image_ctx *ictx)
370 {
371 	/* Start image-wide crypto. */
372 	ictx->md_ctx = EVP_MD_CTX_new();
373 	EVP_DigestInit(ictx->md_ctx, EVP_sha1());
374 
375 	/*
376 	 * SB image header.
377 	 */
378 	sb_aes_init(ictx, NULL, 1);
379 	sb_encrypt_sb_header(ictx);
380 
381 	/*
382 	 * SB sections header.
383 	 */
384 	sb_encrypt_sb_sections_header(ictx);
385 
386 	/*
387 	 * Key dictionary.
388 	 */
389 	sb_aes_reinit(ictx, 1);
390 	sb_encrypt_key_dictionary_key(ictx);
391 
392 	/*
393 	 * Section tags.
394 	 */
395 	struct sb_cmd_ctx *cctx;
396 	struct sb_command *ccmd;
397 	struct sb_section_ctx *sctx = ictx->sect_head;
398 
399 	while (sctx) {
400 		cctx = sctx->cmd_head;
401 
402 		sb_aes_reinit(ictx, 1);
403 
404 		while (cctx) {
405 			ccmd = &cctx->payload;
406 
407 			sb_encrypt_tag(ictx, cctx);
408 
409 			if (ccmd->header.tag == ROM_TAG_CMD) {
410 				sb_aes_reinit(ictx, 1);
411 			} else if (ccmd->header.tag == ROM_LOAD_CMD) {
412 				sb_aes_crypt(ictx, cctx->data, cctx->data,
413 					     cctx->length);
414 				EVP_DigestUpdate(ictx->md_ctx, cctx->data,
415 						 cctx->length);
416 			}
417 
418 			cctx = cctx->cmd;
419 		}
420 
421 		sctx = sctx->sect;
422 	};
423 
424 	/*
425 	 * Dump the SHA1 of the whole image.
426 	 */
427 	sb_aes_reinit(ictx, 1);
428 
429 	EVP_DigestFinal(ictx->md_ctx, ictx->digest, NULL);
430 	EVP_MD_CTX_free(ictx->md_ctx);
431 	sb_aes_crypt(ictx, ictx->digest, ictx->digest, sizeof(ictx->digest));
432 
433 	/* Stop the encryption session. */
434 	sb_aes_deinit(ictx->cipher_ctx);
435 
436 	return 0;
437 }
438 
sb_load_file(struct sb_cmd_ctx * cctx,char * filename)439 static int sb_load_file(struct sb_cmd_ctx *cctx, char *filename)
440 {
441 	long real_size, roundup_size;
442 	uint8_t *data;
443 	long ret;
444 	unsigned long size;
445 	FILE *fp;
446 
447 	if (!filename) {
448 		fprintf(stderr, "ERR: Missing filename!\n");
449 		return -EINVAL;
450 	}
451 
452 	fp = fopen(filename, "r");
453 	if (!fp)
454 		goto err_open;
455 
456 	ret = fseek(fp, 0, SEEK_END);
457 	if (ret < 0)
458 		goto err_file;
459 
460 	real_size = ftell(fp);
461 	if (real_size < 0)
462 		goto err_file;
463 
464 	ret = fseek(fp, 0, SEEK_SET);
465 	if (ret < 0)
466 		goto err_file;
467 
468 	roundup_size = roundup(real_size, SB_BLOCK_SIZE);
469 	data = calloc(1, roundup_size);
470 	if (!data)
471 		goto err_file;
472 
473 	size = fread(data, 1, real_size, fp);
474 	if (size != (unsigned long)real_size)
475 		goto err_alloc;
476 
477 	cctx->data = data;
478 	cctx->length = roundup_size;
479 
480 	fclose(fp);
481 	return 0;
482 
483 err_alloc:
484 	free(data);
485 err_file:
486 	fclose(fp);
487 err_open:
488 	fprintf(stderr, "ERR: Failed to load file \"%s\"\n", filename);
489 	return -EINVAL;
490 }
491 
sb_command_checksum(struct sb_command * inst)492 static uint8_t sb_command_checksum(struct sb_command *inst)
493 {
494 	uint8_t *inst_ptr = (uint8_t *)inst;
495 	uint8_t csum = 0;
496 	unsigned int i;
497 
498 	for (i = 0; i < sizeof(struct sb_command); i++)
499 		csum += inst_ptr[i];
500 
501 	return csum;
502 }
503 
sb_token_to_long(char * tok,uint32_t * rid)504 static int sb_token_to_long(char *tok, uint32_t *rid)
505 {
506 	char *endptr;
507 	unsigned long id;
508 
509 	if (tok[0] != '0' || tok[1] != 'x') {
510 		fprintf(stderr, "ERR: Invalid hexadecimal number!\n");
511 		return -EINVAL;
512 	}
513 
514 	tok += 2;
515 
516 	errno = 0;
517 	id = strtoul(tok, &endptr, 16);
518 	if ((errno == ERANGE && id == ULONG_MAX) || (errno != 0 && id == 0)) {
519 		fprintf(stderr, "ERR: Value can't be decoded!\n");
520 		return -EINVAL;
521 	}
522 
523 	/* Check for 32-bit overflow. */
524 	if (id > 0xffffffff) {
525 		fprintf(stderr, "ERR: Value too big!\n");
526 		return -EINVAL;
527 	}
528 
529 	if (endptr == tok) {
530 		fprintf(stderr, "ERR: Deformed value!\n");
531 		return -EINVAL;
532 	}
533 
534 	*rid = (uint32_t)id;
535 	return 0;
536 }
537 
sb_grow_dcd(struct sb_dcd_ctx * dctx,unsigned int inc_size)538 static int sb_grow_dcd(struct sb_dcd_ctx *dctx, unsigned int inc_size)
539 {
540 	uint32_t *tmp;
541 
542 	if (!inc_size)
543 		return 0;
544 
545 	dctx->size += inc_size;
546 	tmp = realloc(dctx->payload, dctx->size);
547 	if (!tmp)
548 		return -ENOMEM;
549 
550 	dctx->payload = tmp;
551 
552 	/* Assemble and update the HAB DCD header. */
553 	dctx->payload[0] = htonl((SB_HAB_DCD_TAG << 24) |
554 				 (dctx->size << 8) |
555 				 SB_HAB_VERSION);
556 
557 	return 0;
558 }
559 
sb_build_dcd(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)560 static int sb_build_dcd(struct sb_image_ctx *ictx, struct sb_cmd_list *cmd)
561 {
562 	struct sb_dcd_ctx *dctx;
563 
564 	char *tok;
565 	uint32_t id;
566 	int ret;
567 
568 	dctx = calloc(1, sizeof(*dctx));
569 	if (!dctx)
570 		return -ENOMEM;
571 
572 	ret = sb_grow_dcd(dctx, 4);
573 	if (ret)
574 		goto err_dcd;
575 
576 	/* Read DCD block number. */
577 	tok = strtok(cmd->cmd, " ");
578 	if (!tok) {
579 		fprintf(stderr, "#%i ERR: DCD block without number!\n",
580 			cmd->lineno);
581 		ret = -EINVAL;
582 		goto err_dcd;
583 	}
584 
585 	/* Parse the DCD block number. */
586 	ret = sb_token_to_long(tok, &id);
587 	if (ret) {
588 		fprintf(stderr, "#%i ERR: Malformed DCD block number!\n",
589 			cmd->lineno);
590 		goto err_dcd;
591 	}
592 
593 	dctx->id = id;
594 
595 	/*
596 	 * The DCD block is now constructed. Append it to the list.
597 	 * WARNING: The DCD size is still not computed and will be
598 	 * updated while parsing it's commands.
599 	 */
600 	if (!ictx->dcd_head) {
601 		ictx->dcd_head = dctx;
602 		ictx->dcd_tail = dctx;
603 	} else {
604 		ictx->dcd_tail->dcd = dctx;
605 		ictx->dcd_tail = dctx;
606 	}
607 
608 	return 0;
609 
610 err_dcd:
611 	free(dctx->payload);
612 	free(dctx);
613 	return ret;
614 }
615 
sb_build_dcd_block(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd,uint32_t type)616 static int sb_build_dcd_block(struct sb_image_ctx *ictx,
617 			      struct sb_cmd_list *cmd,
618 			      uint32_t type)
619 {
620 	char *tok;
621 	uint32_t address, value, length;
622 	int ret;
623 
624 	struct sb_dcd_ctx *dctx = ictx->dcd_tail;
625 	uint32_t *dcd;
626 
627 	if (dctx->prev_dcd_head && (type != SB_DCD_NOOP) &&
628 	    ((dctx->prev_dcd_head[0] & 0xff0000ff) == type)) {
629 		/* Same instruction as before, just append it. */
630 		ret = sb_grow_dcd(dctx, 8);
631 		if (ret)
632 			return ret;
633 	} else if (type == SB_DCD_NOOP) {
634 		ret = sb_grow_dcd(dctx, 4);
635 		if (ret)
636 			return ret;
637 
638 		/* Update DCD command block pointer. */
639 		dctx->prev_dcd_head = dctx->payload +
640 				dctx->size / sizeof(*dctx->payload) - 1;
641 
642 		/* NOOP has only 4 bytes and no payload. */
643 		goto noop;
644 	} else {
645 		/*
646 		 * Either a different instruction block started now
647 		 * or this is the first instruction block.
648 		 */
649 		ret = sb_grow_dcd(dctx, 12);
650 		if (ret)
651 			return ret;
652 
653 		/* Update DCD command block pointer. */
654 		dctx->prev_dcd_head = dctx->payload +
655 				dctx->size / sizeof(*dctx->payload) - 3;
656 	}
657 
658 	dcd = dctx->payload + dctx->size / sizeof(*dctx->payload) - 2;
659 
660 	/*
661 	 * Prepare the command.
662 	 */
663 	tok = strtok(cmd->cmd, " ");
664 	if (!tok) {
665 		fprintf(stderr, "#%i ERR: Missing DCD address!\n",
666 			cmd->lineno);
667 		ret = -EINVAL;
668 		goto err;
669 	}
670 
671 	/* Read DCD destination address. */
672 	ret = sb_token_to_long(tok, &address);
673 	if (ret) {
674 		fprintf(stderr, "#%i ERR: Incorrect DCD address!\n",
675 			cmd->lineno);
676 		goto err;
677 	}
678 
679 	tok = strtok(NULL, " ");
680 	if (!tok) {
681 		fprintf(stderr, "#%i ERR: Missing DCD value!\n",
682 			cmd->lineno);
683 		ret = -EINVAL;
684 		goto err;
685 	}
686 
687 	/* Read DCD operation value. */
688 	ret = sb_token_to_long(tok, &value);
689 	if (ret) {
690 		fprintf(stderr, "#%i ERR: Incorrect DCD value!\n",
691 			cmd->lineno);
692 		goto err;
693 	}
694 
695 	/* Fill in the new DCD entry. */
696 	dcd[0] = htonl(address);
697 	dcd[1] = htonl(value);
698 
699 noop:
700 	/* Update the DCD command block. */
701 	length = dctx->size -
702 		 ((dctx->prev_dcd_head - dctx->payload) *
703 		 sizeof(*dctx->payload));
704 	dctx->prev_dcd_head[0] = htonl(type | (length << 8));
705 
706 err:
707 	return ret;
708 }
709 
sb_build_section(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)710 static int sb_build_section(struct sb_image_ctx *ictx, struct sb_cmd_list *cmd)
711 {
712 	struct sb_section_ctx *sctx;
713 	struct sb_sections_header *shdr;
714 	char *tok;
715 	uint32_t bootable = 0;
716 	uint32_t id;
717 	int ret;
718 
719 	sctx = calloc(1, sizeof(*sctx));
720 	if (!sctx)
721 		return -ENOMEM;
722 
723 	/* Read section number. */
724 	tok = strtok(cmd->cmd, " ");
725 	if (!tok) {
726 		fprintf(stderr, "#%i ERR: Section without number!\n",
727 			cmd->lineno);
728 		ret = -EINVAL;
729 		goto err_sect;
730 	}
731 
732 	/* Parse the section number. */
733 	ret = sb_token_to_long(tok, &id);
734 	if (ret) {
735 		fprintf(stderr, "#%i ERR: Malformed section number!\n",
736 			cmd->lineno);
737 		goto err_sect;
738 	}
739 
740 	/* Read section's BOOTABLE flag. */
741 	tok = strtok(NULL, " ");
742 	if (tok && (strlen(tok) == 8) && !strncmp(tok, "BOOTABLE", 8))
743 		bootable = SB_SECTION_FLAG_BOOTABLE;
744 
745 	sctx->boot = bootable;
746 
747 	shdr = &sctx->payload;
748 	shdr->section_number = id;
749 	shdr->section_flags = bootable;
750 
751 	/*
752 	 * The section is now constructed. Append it to the list.
753 	 * WARNING: The section size is still not computed and will
754 	 * be updated while parsing it's commands.
755 	 */
756 	ictx->sect_count++;
757 
758 	/* Mark that this section is bootable one. */
759 	if (bootable) {
760 		if (ictx->sect_boot_found) {
761 			fprintf(stderr,
762 				"#%i WARN: Multiple bootable section!\n",
763 				cmd->lineno);
764 		} else {
765 			ictx->sect_boot = id;
766 			ictx->sect_boot_found = 1;
767 		}
768 	}
769 
770 	if (!ictx->sect_head) {
771 		ictx->sect_head = sctx;
772 		ictx->sect_tail = sctx;
773 	} else {
774 		ictx->sect_tail->sect = sctx;
775 		ictx->sect_tail = sctx;
776 	}
777 
778 	return 0;
779 
780 err_sect:
781 	free(sctx);
782 	return ret;
783 }
784 
sb_build_command_nop(struct sb_image_ctx * ictx)785 static int sb_build_command_nop(struct sb_image_ctx *ictx)
786 {
787 	struct sb_section_ctx *sctx = ictx->sect_tail;
788 	struct sb_cmd_ctx *cctx;
789 	struct sb_command *ccmd;
790 
791 	cctx = calloc(1, sizeof(*cctx));
792 	if (!cctx)
793 		return -ENOMEM;
794 
795 	ccmd = &cctx->payload;
796 
797 	/*
798 	 * Construct the command.
799 	 */
800 	ccmd->header.checksum	= 0x5a;
801 	ccmd->header.tag	= ROM_NOP_CMD;
802 
803 	cctx->size = sizeof(*ccmd);
804 
805 	/*
806 	 * Append the command to the last section.
807 	 */
808 	if (!sctx->cmd_head) {
809 		sctx->cmd_head = cctx;
810 		sctx->cmd_tail = cctx;
811 	} else {
812 		sctx->cmd_tail->cmd = cctx;
813 		sctx->cmd_tail = cctx;
814 	}
815 
816 	return 0;
817 }
818 
sb_build_command_tag(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)819 static int sb_build_command_tag(struct sb_image_ctx *ictx,
820 				struct sb_cmd_list *cmd)
821 {
822 	struct sb_section_ctx *sctx = ictx->sect_tail;
823 	struct sb_cmd_ctx *cctx;
824 	struct sb_command *ccmd;
825 	char *tok;
826 
827 	cctx = calloc(1, sizeof(*cctx));
828 	if (!cctx)
829 		return -ENOMEM;
830 
831 	ccmd = &cctx->payload;
832 
833 	/*
834 	 * Prepare the command.
835 	 */
836 	/* Check for the LAST keyword. */
837 	tok = strtok(cmd->cmd, " ");
838 	if (tok && !strcmp(tok, "LAST"))
839 		ccmd->header.flags = ROM_TAG_CMD_FLAG_ROM_LAST_TAG;
840 
841 	/*
842 	 * Construct the command.
843 	 */
844 	ccmd->header.checksum	= 0x5a;
845 	ccmd->header.tag	= ROM_TAG_CMD;
846 
847 	cctx->size = sizeof(*ccmd);
848 
849 	/*
850 	 * Append the command to the last section.
851 	 */
852 	if (!sctx->cmd_head) {
853 		sctx->cmd_head = cctx;
854 		sctx->cmd_tail = cctx;
855 	} else {
856 		sctx->cmd_tail->cmd = cctx;
857 		sctx->cmd_tail = cctx;
858 	}
859 
860 	return 0;
861 }
862 
sb_build_command_load(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)863 static int sb_build_command_load(struct sb_image_ctx *ictx,
864 				 struct sb_cmd_list *cmd)
865 {
866 	struct sb_section_ctx *sctx = ictx->sect_tail;
867 	struct sb_cmd_ctx *cctx;
868 	struct sb_command *ccmd;
869 	char *tok;
870 	int ret, is_ivt = 0, is_dcd = 0;
871 	uint32_t dest, dcd = 0;
872 
873 	cctx = calloc(1, sizeof(*cctx));
874 	if (!cctx)
875 		return -ENOMEM;
876 
877 	ccmd = &cctx->payload;
878 
879 	/*
880 	 * Prepare the command.
881 	 */
882 	tok = strtok(cmd->cmd, " ");
883 	if (!tok) {
884 		fprintf(stderr, "#%i ERR: Missing LOAD address or 'IVT'!\n",
885 			cmd->lineno);
886 		ret = -EINVAL;
887 		goto err;
888 	}
889 
890 	/* Check for "IVT" flag. */
891 	if (!strcmp(tok, "IVT"))
892 		is_ivt = 1;
893 	if (!strcmp(tok, "DCD"))
894 		is_dcd = 1;
895 	if (is_ivt || is_dcd) {
896 		tok = strtok(NULL, " ");
897 		if (!tok) {
898 			fprintf(stderr, "#%i ERR: Missing LOAD address!\n",
899 				cmd->lineno);
900 			ret = -EINVAL;
901 			goto err;
902 		}
903 	}
904 
905 	/* Read load destination address. */
906 	ret = sb_token_to_long(tok, &dest);
907 	if (ret) {
908 		fprintf(stderr, "#%i ERR: Incorrect LOAD address!\n",
909 			cmd->lineno);
910 		goto err;
911 	}
912 
913 	/* Read filename or IVT entrypoint or DCD block ID. */
914 	tok = strtok(NULL, " ");
915 	if (!tok) {
916 		fprintf(stderr,
917 			"#%i ERR: Missing LOAD filename or IVT ep or DCD block ID!\n",
918 			cmd->lineno);
919 		ret = -EINVAL;
920 		goto err;
921 	}
922 
923 	if (is_ivt) {
924 		/* Handle IVT. */
925 		struct sb_ivt_header *ivt;
926 		uint32_t ivtep;
927 		ret = sb_token_to_long(tok, &ivtep);
928 
929 		if (ret) {
930 			fprintf(stderr,
931 				"#%i ERR: Incorrect IVT entry point!\n",
932 				cmd->lineno);
933 			goto err;
934 		}
935 
936 		ivt = calloc(1, sizeof(*ivt));
937 		if (!ivt) {
938 			ret = -ENOMEM;
939 			goto err;
940 		}
941 
942 		ivt->header = sb_hab_ivt_header();
943 		ivt->entry = ivtep;
944 		ivt->self = dest;
945 
946 		cctx->data = (uint8_t *)ivt;
947 		cctx->length = sizeof(*ivt);
948 	} else if (is_dcd) {
949 		struct sb_dcd_ctx *dctx = ictx->dcd_head;
950 		uint32_t dcdid;
951 		uint8_t *payload;
952 		uint32_t asize;
953 		ret = sb_token_to_long(tok, &dcdid);
954 
955 		if (ret) {
956 			fprintf(stderr,
957 				"#%i ERR: Incorrect DCD block ID!\n",
958 				cmd->lineno);
959 			goto err;
960 		}
961 
962 		while (dctx) {
963 			if (dctx->id == dcdid)
964 				break;
965 			dctx = dctx->dcd;
966 		}
967 
968 		if (!dctx) {
969 			fprintf(stderr, "#%i ERR: DCD block %08x not found!\n",
970 				cmd->lineno, dcdid);
971 			goto err;
972 		}
973 
974 		asize = roundup(dctx->size, SB_BLOCK_SIZE);
975 		payload = calloc(1, asize);
976 		if (!payload) {
977 			ret = -ENOMEM;
978 			goto err;
979 		}
980 
981 		memcpy(payload, dctx->payload, dctx->size);
982 
983 		cctx->data = payload;
984 		cctx->length = asize;
985 
986 		/* Set the Load DCD flag. */
987 		dcd = ROM_LOAD_CMD_FLAG_DCD_LOAD;
988 	} else {
989 		/* Regular LOAD of a file. */
990 		ret = sb_load_file(cctx, tok);
991 		if (ret) {
992 			fprintf(stderr, "#%i ERR: Cannot load '%s'!\n",
993 				cmd->lineno, tok);
994 			goto err;
995 		}
996 	}
997 
998 	if (cctx->length & (SB_BLOCK_SIZE - 1)) {
999 		fprintf(stderr, "#%i ERR: Unaligned payload!\n",
1000 			cmd->lineno);
1001 	}
1002 
1003 	/*
1004 	 * Construct the command.
1005 	 */
1006 	ccmd->header.checksum	= 0x5a;
1007 	ccmd->header.tag	= ROM_LOAD_CMD;
1008 	ccmd->header.flags	= dcd;
1009 
1010 	ccmd->load.address	= dest;
1011 	ccmd->load.count	= cctx->length;
1012 	ccmd->load.crc32	= pbl_crc32(0,
1013 					    (const char *)cctx->data,
1014 					    cctx->length);
1015 
1016 	cctx->size = sizeof(*ccmd) + cctx->length;
1017 
1018 	/*
1019 	 * Append the command to the last section.
1020 	 */
1021 	if (!sctx->cmd_head) {
1022 		sctx->cmd_head = cctx;
1023 		sctx->cmd_tail = cctx;
1024 	} else {
1025 		sctx->cmd_tail->cmd = cctx;
1026 		sctx->cmd_tail = cctx;
1027 	}
1028 
1029 	return 0;
1030 
1031 err:
1032 	free(cctx);
1033 	return ret;
1034 }
1035 
sb_build_command_fill(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)1036 static int sb_build_command_fill(struct sb_image_ctx *ictx,
1037 				 struct sb_cmd_list *cmd)
1038 {
1039 	struct sb_section_ctx *sctx = ictx->sect_tail;
1040 	struct sb_cmd_ctx *cctx;
1041 	struct sb_command *ccmd;
1042 	char *tok;
1043 	uint32_t address, pattern, length;
1044 	int ret;
1045 
1046 	cctx = calloc(1, sizeof(*cctx));
1047 	if (!cctx)
1048 		return -ENOMEM;
1049 
1050 	ccmd = &cctx->payload;
1051 
1052 	/*
1053 	 * Prepare the command.
1054 	 */
1055 	tok = strtok(cmd->cmd, " ");
1056 	if (!tok) {
1057 		fprintf(stderr, "#%i ERR: Missing FILL address!\n",
1058 			cmd->lineno);
1059 		ret = -EINVAL;
1060 		goto err;
1061 	}
1062 
1063 	/* Read fill destination address. */
1064 	ret = sb_token_to_long(tok, &address);
1065 	if (ret) {
1066 		fprintf(stderr, "#%i ERR: Incorrect FILL address!\n",
1067 			cmd->lineno);
1068 		goto err;
1069 	}
1070 
1071 	tok = strtok(NULL, " ");
1072 	if (!tok) {
1073 		fprintf(stderr, "#%i ERR: Missing FILL pattern!\n",
1074 			cmd->lineno);
1075 		ret = -EINVAL;
1076 		goto err;
1077 	}
1078 
1079 	/* Read fill pattern address. */
1080 	ret = sb_token_to_long(tok, &pattern);
1081 	if (ret) {
1082 		fprintf(stderr, "#%i ERR: Incorrect FILL pattern!\n",
1083 			cmd->lineno);
1084 		goto err;
1085 	}
1086 
1087 	tok = strtok(NULL, " ");
1088 	if (!tok) {
1089 		fprintf(stderr, "#%i ERR: Missing FILL length!\n",
1090 			cmd->lineno);
1091 		ret = -EINVAL;
1092 		goto err;
1093 	}
1094 
1095 	/* Read fill pattern address. */
1096 	ret = sb_token_to_long(tok, &length);
1097 	if (ret) {
1098 		fprintf(stderr, "#%i ERR: Incorrect FILL length!\n",
1099 			cmd->lineno);
1100 		goto err;
1101 	}
1102 
1103 	/*
1104 	 * Construct the command.
1105 	 */
1106 	ccmd->header.checksum	= 0x5a;
1107 	ccmd->header.tag	= ROM_FILL_CMD;
1108 
1109 	ccmd->fill.address	= address;
1110 	ccmd->fill.count	= length;
1111 	ccmd->fill.pattern	= pattern;
1112 
1113 	cctx->size = sizeof(*ccmd);
1114 
1115 	/*
1116 	 * Append the command to the last section.
1117 	 */
1118 	if (!sctx->cmd_head) {
1119 		sctx->cmd_head = cctx;
1120 		sctx->cmd_tail = cctx;
1121 	} else {
1122 		sctx->cmd_tail->cmd = cctx;
1123 		sctx->cmd_tail = cctx;
1124 	}
1125 
1126 	return 0;
1127 
1128 err:
1129 	free(cctx);
1130 	return ret;
1131 }
1132 
sb_build_command_jump_call(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd,unsigned int is_call)1133 static int sb_build_command_jump_call(struct sb_image_ctx *ictx,
1134 				      struct sb_cmd_list *cmd,
1135 				      unsigned int is_call)
1136 {
1137 	struct sb_section_ctx *sctx = ictx->sect_tail;
1138 	struct sb_cmd_ctx *cctx;
1139 	struct sb_command *ccmd;
1140 	char *tok;
1141 	uint32_t dest, arg = 0x0;
1142 	uint32_t hab = 0;
1143 	int ret;
1144 	const char *cmdname = is_call ? "CALL" : "JUMP";
1145 
1146 	cctx = calloc(1, sizeof(*cctx));
1147 	if (!cctx)
1148 		return -ENOMEM;
1149 
1150 	ccmd = &cctx->payload;
1151 
1152 	/*
1153 	 * Prepare the command.
1154 	 */
1155 	tok = strtok(cmd->cmd, " ");
1156 	if (!tok) {
1157 		fprintf(stderr,
1158 			"#%i ERR: Missing %s address or 'HAB'!\n",
1159 			cmd->lineno, cmdname);
1160 		ret = -EINVAL;
1161 		goto err;
1162 	}
1163 
1164 	/* Check for "HAB" flag. */
1165 	if (!strcmp(tok, "HAB")) {
1166 		hab = is_call ? ROM_CALL_CMD_FLAG_HAB : ROM_JUMP_CMD_FLAG_HAB;
1167 		tok = strtok(NULL, " ");
1168 		if (!tok) {
1169 			fprintf(stderr, "#%i ERR: Missing %s address!\n",
1170 				cmd->lineno, cmdname);
1171 			ret = -EINVAL;
1172 			goto err;
1173 		}
1174 	}
1175 	/* Read load destination address. */
1176 	ret = sb_token_to_long(tok, &dest);
1177 	if (ret) {
1178 		fprintf(stderr, "#%i ERR: Incorrect %s address!\n",
1179 			cmd->lineno, cmdname);
1180 		goto err;
1181 	}
1182 
1183 	tok = strtok(NULL, " ");
1184 	if (tok) {
1185 		ret = sb_token_to_long(tok, &arg);
1186 		if (ret) {
1187 			fprintf(stderr,
1188 				"#%i ERR: Incorrect %s argument!\n",
1189 				cmd->lineno, cmdname);
1190 			goto err;
1191 		}
1192 	}
1193 
1194 	/*
1195 	 * Construct the command.
1196 	 */
1197 	ccmd->header.checksum	= 0x5a;
1198 	ccmd->header.tag	= is_call ? ROM_CALL_CMD : ROM_JUMP_CMD;
1199 	ccmd->header.flags	= hab;
1200 
1201 	ccmd->call.address	= dest;
1202 	ccmd->call.argument	= arg;
1203 
1204 	cctx->size = sizeof(*ccmd);
1205 
1206 	/*
1207 	 * Append the command to the last section.
1208 	 */
1209 	if (!sctx->cmd_head) {
1210 		sctx->cmd_head = cctx;
1211 		sctx->cmd_tail = cctx;
1212 	} else {
1213 		sctx->cmd_tail->cmd = cctx;
1214 		sctx->cmd_tail = cctx;
1215 	}
1216 
1217 	return 0;
1218 
1219 err:
1220 	free(cctx);
1221 	return ret;
1222 }
1223 
sb_build_command_jump(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)1224 static int sb_build_command_jump(struct sb_image_ctx *ictx,
1225 				 struct sb_cmd_list *cmd)
1226 {
1227 	return sb_build_command_jump_call(ictx, cmd, 0);
1228 }
1229 
sb_build_command_call(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)1230 static int sb_build_command_call(struct sb_image_ctx *ictx,
1231 				 struct sb_cmd_list *cmd)
1232 {
1233 	return sb_build_command_jump_call(ictx, cmd, 1);
1234 }
1235 
sb_build_command_mode(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)1236 static int sb_build_command_mode(struct sb_image_ctx *ictx,
1237 				 struct sb_cmd_list *cmd)
1238 {
1239 	struct sb_section_ctx *sctx = ictx->sect_tail;
1240 	struct sb_cmd_ctx *cctx;
1241 	struct sb_command *ccmd;
1242 	char *tok;
1243 	int ret;
1244 	unsigned int i;
1245 	uint32_t mode = 0xffffffff;
1246 
1247 	cctx = calloc(1, sizeof(*cctx));
1248 	if (!cctx)
1249 		return -ENOMEM;
1250 
1251 	ccmd = &cctx->payload;
1252 
1253 	/*
1254 	 * Prepare the command.
1255 	 */
1256 	tok = strtok(cmd->cmd, " ");
1257 	if (!tok) {
1258 		fprintf(stderr, "#%i ERR: Missing MODE boot mode argument!\n",
1259 			cmd->lineno);
1260 		ret = -EINVAL;
1261 		goto err;
1262 	}
1263 
1264 	for (i = 0; i < ARRAY_SIZE(modetable); i++) {
1265 		if (!strcmp(tok, modetable[i].name)) {
1266 			mode = modetable[i].mode;
1267 			break;
1268 		}
1269 
1270 		if (!modetable[i].altname)
1271 			continue;
1272 
1273 		if (!strcmp(tok, modetable[i].altname)) {
1274 			mode = modetable[i].mode;
1275 			break;
1276 		}
1277 	}
1278 
1279 	if (mode == 0xffffffff) {
1280 		fprintf(stderr, "#%i ERR: Invalid MODE boot mode argument!\n",
1281 			cmd->lineno);
1282 		ret = -EINVAL;
1283 		goto err;
1284 	}
1285 
1286 	/*
1287 	 * Construct the command.
1288 	 */
1289 	ccmd->header.checksum	= 0x5a;
1290 	ccmd->header.tag	= ROM_MODE_CMD;
1291 
1292 	ccmd->mode.mode		= mode;
1293 
1294 	cctx->size = sizeof(*ccmd);
1295 
1296 	/*
1297 	 * Append the command to the last section.
1298 	 */
1299 	if (!sctx->cmd_head) {
1300 		sctx->cmd_head = cctx;
1301 		sctx->cmd_tail = cctx;
1302 	} else {
1303 		sctx->cmd_tail->cmd = cctx;
1304 		sctx->cmd_tail = cctx;
1305 	}
1306 
1307 	return 0;
1308 
1309 err:
1310 	free(cctx);
1311 	return ret;
1312 }
1313 
sb_prefill_image_header(struct sb_image_ctx * ictx)1314 static int sb_prefill_image_header(struct sb_image_ctx *ictx)
1315 {
1316 	struct sb_boot_image_header *hdr = &ictx->payload;
1317 
1318 	/* Fill signatures */
1319 	memcpy(hdr->signature1, "STMP", 4);
1320 	memcpy(hdr->signature2, "sgtl", 4);
1321 
1322 	/* SB Image version 1.1 */
1323 	hdr->major_version = SB_VERSION_MAJOR;
1324 	hdr->minor_version = SB_VERSION_MINOR;
1325 
1326 	/* Boot image major version */
1327 	hdr->product_version.major = htons(0x999);
1328 	hdr->product_version.minor = htons(0x999);
1329 	hdr->product_version.revision = htons(0x999);
1330 	/* Boot image major version */
1331 	hdr->component_version.major = htons(0x999);
1332 	hdr->component_version.minor = htons(0x999);
1333 	hdr->component_version.revision = htons(0x999);
1334 
1335 	/* Drive tag must be 0x0 for i.MX23 */
1336 	hdr->drive_tag = 0;
1337 
1338 	hdr->header_blocks =
1339 		sizeof(struct sb_boot_image_header) / SB_BLOCK_SIZE;
1340 	hdr->section_header_size =
1341 		sizeof(struct sb_sections_header) / SB_BLOCK_SIZE;
1342 	hdr->timestamp_us = sb_get_timestamp() * 1000000;
1343 
1344 	hdr->flags = ictx->display_progress ?
1345 		SB_IMAGE_FLAG_DISPLAY_PROGRESS : 0;
1346 
1347 	/* FIXME -- We support only default key */
1348 	hdr->key_count = 1;
1349 
1350 	return 0;
1351 }
1352 
sb_postfill_image_header(struct sb_image_ctx * ictx)1353 static int sb_postfill_image_header(struct sb_image_ctx *ictx)
1354 {
1355 	struct sb_boot_image_header *hdr = &ictx->payload;
1356 	struct sb_section_ctx *sctx = ictx->sect_head;
1357 	uint32_t kd_size, sections_blocks;
1358 	EVP_MD_CTX *md_ctx;
1359 
1360 	/* The main SB header size in blocks. */
1361 	hdr->image_blocks = hdr->header_blocks;
1362 
1363 	/* Size of the key dictionary, which has single zero entry. */
1364 	kd_size = hdr->key_count * sizeof(struct sb_key_dictionary_key);
1365 	hdr->image_blocks += kd_size / SB_BLOCK_SIZE;
1366 
1367 	/* Now count the payloads. */
1368 	hdr->section_count = ictx->sect_count;
1369 	while (sctx) {
1370 		hdr->image_blocks += sctx->size / SB_BLOCK_SIZE;
1371 		sctx = sctx->sect;
1372 	}
1373 
1374 	if (!ictx->sect_boot_found) {
1375 		fprintf(stderr, "ERR: No bootable section selected!\n");
1376 		return -EINVAL;
1377 	}
1378 	hdr->first_boot_section_id = ictx->sect_boot;
1379 
1380 	/* The n * SB section size in blocks. */
1381 	sections_blocks = hdr->section_count * hdr->section_header_size;
1382 	hdr->image_blocks += sections_blocks;
1383 
1384 	/* Key dictionary offset. */
1385 	hdr->key_dictionary_block = hdr->header_blocks + sections_blocks;
1386 
1387 	/* Digest of the whole image. */
1388 	hdr->image_blocks += 2;
1389 
1390 	/* Pointer past the dictionary. */
1391 	hdr->first_boot_tag_block =
1392 		hdr->key_dictionary_block + kd_size / SB_BLOCK_SIZE;
1393 
1394 	/* Compute header digest. */
1395 	md_ctx = EVP_MD_CTX_new();
1396 
1397 	EVP_DigestInit(md_ctx, EVP_sha1());
1398 	EVP_DigestUpdate(md_ctx, hdr->signature1,
1399 			 sizeof(struct sb_boot_image_header) -
1400 			 sizeof(hdr->digest));
1401 	EVP_DigestFinal(md_ctx, hdr->digest, NULL);
1402 	EVP_MD_CTX_free(md_ctx);
1403 
1404 	return 0;
1405 }
1406 
sb_fixup_sections_and_tags(struct sb_image_ctx * ictx)1407 static int sb_fixup_sections_and_tags(struct sb_image_ctx *ictx)
1408 {
1409 	/* Fixup the placement of sections. */
1410 	struct sb_boot_image_header *ihdr = &ictx->payload;
1411 	struct sb_section_ctx *sctx = ictx->sect_head;
1412 	struct sb_sections_header *shdr;
1413 	struct sb_cmd_ctx *cctx;
1414 	struct sb_command *ccmd;
1415 	uint32_t offset = ihdr->first_boot_tag_block;
1416 
1417 	while (sctx) {
1418 		shdr = &sctx->payload;
1419 
1420 		/* Fill in the section TAG offset. */
1421 		shdr->section_offset = offset + 1;
1422 		offset += shdr->section_size;
1423 
1424 		/* Section length is measured from the TAG block. */
1425 		shdr->section_size--;
1426 
1427 		/* Fixup the TAG command. */
1428 		cctx = sctx->cmd_head;
1429 		while (cctx) {
1430 			ccmd = &cctx->payload;
1431 			if (ccmd->header.tag == ROM_TAG_CMD) {
1432 				ccmd->tag.section_number = shdr->section_number;
1433 				ccmd->tag.section_length = shdr->section_size;
1434 				ccmd->tag.section_flags = shdr->section_flags;
1435 			}
1436 
1437 			/* Update the command checksum. */
1438 			ccmd->header.checksum = sb_command_checksum(ccmd);
1439 
1440 			cctx = cctx->cmd;
1441 		}
1442 
1443 		sctx = sctx->sect;
1444 	}
1445 
1446 	return 0;
1447 }
1448 
sb_parse_line(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)1449 static int sb_parse_line(struct sb_image_ctx *ictx, struct sb_cmd_list *cmd)
1450 {
1451 	char *tok;
1452 	char *line = cmd->cmd;
1453 	char *rptr = NULL;
1454 	int ret;
1455 
1456 	/* Analyze the identifier on this line first. */
1457 	tok = strtok_r(line, " ", &rptr);
1458 	if (!tok || (strlen(tok) == 0)) {
1459 		fprintf(stderr, "#%i ERR: Invalid line!\n", cmd->lineno);
1460 		return -EINVAL;
1461 	}
1462 
1463 	cmd->cmd = rptr;
1464 
1465 	/* set DISPLAY_PROGRESS flag */
1466 	if (!strcmp(tok, "DISPLAYPROGRESS")) {
1467 		ictx->display_progress = 1;
1468 		return 0;
1469 	}
1470 
1471 	/* DCD */
1472 	if (!strcmp(tok, "DCD")) {
1473 		ictx->in_section = 0;
1474 		ictx->in_dcd = 1;
1475 		sb_build_dcd(ictx, cmd);
1476 		return 0;
1477 	}
1478 
1479 	/* Section */
1480 	if (!strcmp(tok, "SECTION")) {
1481 		ictx->in_section = 1;
1482 		ictx->in_dcd = 0;
1483 		sb_build_section(ictx, cmd);
1484 		return 0;
1485 	}
1486 
1487 	if (!ictx->in_section && !ictx->in_dcd) {
1488 		fprintf(stderr, "#%i ERR: Data outside of a section!\n",
1489 			cmd->lineno);
1490 		return -EINVAL;
1491 	}
1492 
1493 	if (ictx->in_section) {
1494 		/* Section commands */
1495 		if (!strcmp(tok, "NOP")) {
1496 			ret = sb_build_command_nop(ictx);
1497 		} else if (!strcmp(tok, "TAG")) {
1498 			ret = sb_build_command_tag(ictx, cmd);
1499 		} else if (!strcmp(tok, "LOAD")) {
1500 			ret = sb_build_command_load(ictx, cmd);
1501 		} else if (!strcmp(tok, "FILL")) {
1502 			ret = sb_build_command_fill(ictx, cmd);
1503 		} else if (!strcmp(tok, "JUMP")) {
1504 			ret = sb_build_command_jump(ictx, cmd);
1505 		} else if (!strcmp(tok, "CALL")) {
1506 			ret = sb_build_command_call(ictx, cmd);
1507 		} else if (!strcmp(tok, "MODE")) {
1508 			ret = sb_build_command_mode(ictx, cmd);
1509 		} else {
1510 			fprintf(stderr,
1511 				"#%i ERR: Unsupported instruction '%s'!\n",
1512 				cmd->lineno, tok);
1513 			return -ENOTSUP;
1514 		}
1515 	} else if (ictx->in_dcd) {
1516 		char *lptr;
1517 		uint32_t ilen = '1';
1518 
1519 		tok = strtok_r(tok, ".", &lptr);
1520 		if (!tok || (strlen(tok) == 0) || (lptr && strlen(lptr) != 1)) {
1521 			fprintf(stderr, "#%i ERR: Invalid line!\n",
1522 				cmd->lineno);
1523 			return -EINVAL;
1524 		}
1525 
1526 		if (lptr &&
1527 		    (lptr[0] != '1' && lptr[0] != '2' && lptr[0] != '4')) {
1528 			fprintf(stderr, "#%i ERR: Invalid instruction width!\n",
1529 				cmd->lineno);
1530 			return -EINVAL;
1531 		}
1532 
1533 		if (lptr)
1534 			ilen = lptr[0] - '1';
1535 
1536 		/* DCD commands */
1537 		if (!strcmp(tok, "WRITE")) {
1538 			ret = sb_build_dcd_block(ictx, cmd,
1539 						 SB_DCD_WRITE | ilen);
1540 		} else if (!strcmp(tok, "ANDC")) {
1541 			ret = sb_build_dcd_block(ictx, cmd,
1542 						 SB_DCD_ANDC | ilen);
1543 		} else if (!strcmp(tok, "ORR")) {
1544 			ret = sb_build_dcd_block(ictx, cmd,
1545 						 SB_DCD_ORR | ilen);
1546 		} else if (!strcmp(tok, "EQZ")) {
1547 			ret = sb_build_dcd_block(ictx, cmd,
1548 						 SB_DCD_CHK_EQZ | ilen);
1549 		} else if (!strcmp(tok, "EQ")) {
1550 			ret = sb_build_dcd_block(ictx, cmd,
1551 						 SB_DCD_CHK_EQ | ilen);
1552 		} else if (!strcmp(tok, "NEQ")) {
1553 			ret = sb_build_dcd_block(ictx, cmd,
1554 						 SB_DCD_CHK_NEQ | ilen);
1555 		} else if (!strcmp(tok, "NEZ")) {
1556 			ret = sb_build_dcd_block(ictx, cmd,
1557 						 SB_DCD_CHK_NEZ | ilen);
1558 		} else if (!strcmp(tok, "NOOP")) {
1559 			ret = sb_build_dcd_block(ictx, cmd, SB_DCD_NOOP);
1560 		} else {
1561 			fprintf(stderr,
1562 				"#%i ERR: Unsupported instruction '%s'!\n",
1563 				cmd->lineno, tok);
1564 			return -ENOTSUP;
1565 		}
1566 	} else {
1567 		fprintf(stderr, "#%i ERR: Unsupported instruction '%s'!\n",
1568 			cmd->lineno, tok);
1569 		return -ENOTSUP;
1570 	}
1571 
1572 	/*
1573 	 * Here we have at least one section with one command, otherwise we
1574 	 * would have failed already higher above.
1575 	 *
1576 	 * FIXME -- should the updating happen here ?
1577 	 */
1578 	if (ictx->in_section && !ret) {
1579 		ictx->sect_tail->size += ictx->sect_tail->cmd_tail->size;
1580 		ictx->sect_tail->payload.section_size =
1581 			ictx->sect_tail->size / SB_BLOCK_SIZE;
1582 	}
1583 
1584 	return ret;
1585 }
1586 
sb_load_cmdfile(struct sb_image_ctx * ictx)1587 static int sb_load_cmdfile(struct sb_image_ctx *ictx)
1588 {
1589 	struct sb_cmd_list cmd;
1590 	int lineno = 1;
1591 	FILE *fp;
1592 	char *line = NULL;
1593 	ssize_t rlen;
1594 	size_t len;
1595 
1596 	fp = fopen(ictx->cfg_filename, "r");
1597 	if (!fp)
1598 		goto err_file;
1599 
1600 	while ((rlen = getline(&line, &len, fp)) > 0) {
1601 		memset(&cmd, 0, sizeof(cmd));
1602 
1603 		/* Strip the trailing newline. */
1604 		line[rlen - 1] = '\0';
1605 
1606 		cmd.cmd = line;
1607 		cmd.len = rlen;
1608 		cmd.lineno = lineno++;
1609 
1610 		sb_parse_line(ictx, &cmd);
1611 	}
1612 
1613 	free(line);
1614 
1615 	fclose(fp);
1616 
1617 	return 0;
1618 
1619 err_file:
1620 	fclose(fp);
1621 	fprintf(stderr, "ERR: Failed to load file \"%s\"\n",
1622 		ictx->cfg_filename);
1623 	return -EINVAL;
1624 }
1625 
sb_build_tree_from_cfg(struct sb_image_ctx * ictx)1626 static int sb_build_tree_from_cfg(struct sb_image_ctx *ictx)
1627 {
1628 	int ret;
1629 
1630 	ret = sb_load_cmdfile(ictx);
1631 	if (ret)
1632 		return ret;
1633 
1634 	ret = sb_prefill_image_header(ictx);
1635 	if (ret)
1636 		return ret;
1637 
1638 	ret = sb_postfill_image_header(ictx);
1639 	if (ret)
1640 		return ret;
1641 
1642 	ret = sb_fixup_sections_and_tags(ictx);
1643 	if (ret)
1644 		return ret;
1645 
1646 	return 0;
1647 }
1648 
sb_verify_image_header(struct sb_image_ctx * ictx,FILE * fp,long fsize)1649 static int sb_verify_image_header(struct sb_image_ctx *ictx,
1650 				  FILE *fp, long fsize)
1651 {
1652 	/* Verify static fields in the image header. */
1653 	struct sb_boot_image_header *hdr = &ictx->payload;
1654 	const char *stat[2] = { "[PASS]", "[FAIL]" };
1655 	struct tm tm;
1656 	int sz, ret = 0;
1657 	unsigned char digest[20];
1658 	EVP_MD_CTX *md_ctx;
1659 	unsigned long size;
1660 
1661 	/* Start image-wide crypto. */
1662 	ictx->md_ctx = EVP_MD_CTX_new();
1663 	EVP_DigestInit(ictx->md_ctx, EVP_sha1());
1664 
1665 	soprintf(ictx, "---------- Verifying SB Image Header ----------\n");
1666 
1667 	size = fread(&ictx->payload, 1, sizeof(ictx->payload), fp);
1668 	if (size != sizeof(ictx->payload)) {
1669 		fprintf(stderr, "ERR: SB image header too short!\n");
1670 		return -EINVAL;
1671 	}
1672 
1673 	/* Compute header digest. */
1674 	md_ctx = EVP_MD_CTX_new();
1675 	EVP_DigestInit(md_ctx, EVP_sha1());
1676 	EVP_DigestUpdate(md_ctx, hdr->signature1,
1677 			 sizeof(struct sb_boot_image_header) -
1678 			 sizeof(hdr->digest));
1679 	EVP_DigestFinal(md_ctx, digest, NULL);
1680 	EVP_MD_CTX_free(md_ctx);
1681 
1682 	sb_aes_init(ictx, NULL, 1);
1683 	sb_encrypt_sb_header(ictx);
1684 
1685 	if (memcmp(digest, hdr->digest, 20))
1686 		ret = -EINVAL;
1687 	soprintf(ictx, "%s Image header checksum:        %s\n", stat[!!ret],
1688 		 ret ? "BAD" : "OK");
1689 	if (ret)
1690 		return ret;
1691 
1692 	if (memcmp(hdr->signature1, "STMP", 4) ||
1693 	    memcmp(hdr->signature2, "sgtl", 4))
1694 		ret = -EINVAL;
1695 	soprintf(ictx, "%s Signatures:                   '%.4s' '%.4s'\n",
1696 		 stat[!!ret], hdr->signature1, hdr->signature2);
1697 	if (ret)
1698 		return ret;
1699 
1700 	if ((hdr->major_version != SB_VERSION_MAJOR) ||
1701 	    ((hdr->minor_version != 1) && (hdr->minor_version != 2)))
1702 		ret = -EINVAL;
1703 	soprintf(ictx, "%s Image version:                v%i.%i\n", stat[!!ret],
1704 		 hdr->major_version, hdr->minor_version);
1705 	if (ret)
1706 		return ret;
1707 
1708 	ret = sb_get_time(hdr->timestamp_us / 1000000, &tm);
1709 	soprintf(ictx,
1710 		 "%s Creation time:                %02i:%02i:%02i %02i/%02i/%04i\n",
1711 		 stat[!!ret], tm.tm_hour, tm.tm_min, tm.tm_sec,
1712 		 tm.tm_mday, tm.tm_mon, tm.tm_year + 2000);
1713 	if (ret)
1714 		return ret;
1715 
1716 	soprintf(ictx, "%s Product version:              %x.%x.%x\n", stat[0],
1717 		 ntohs(hdr->product_version.major),
1718 		 ntohs(hdr->product_version.minor),
1719 		 ntohs(hdr->product_version.revision));
1720 	soprintf(ictx, "%s Component version:            %x.%x.%x\n", stat[0],
1721 		 ntohs(hdr->component_version.major),
1722 		 ntohs(hdr->component_version.minor),
1723 		 ntohs(hdr->component_version.revision));
1724 
1725 	if (hdr->flags & ~SB_IMAGE_FLAGS_MASK)
1726 		ret = -EINVAL;
1727 	soprintf(ictx, "%s Image flags:                  %s\n", stat[!!ret],
1728 		 hdr->flags & SB_IMAGE_FLAG_DISPLAY_PROGRESS ?
1729 		 "Display_progress" : "");
1730 	if (ret)
1731 		return ret;
1732 
1733 	if (hdr->drive_tag != 0)
1734 		ret = -EINVAL;
1735 	soprintf(ictx, "%s Drive tag:                    %i\n", stat[!!ret],
1736 		 hdr->drive_tag);
1737 	if (ret)
1738 		return ret;
1739 
1740 	sz = sizeof(struct sb_boot_image_header) / SB_BLOCK_SIZE;
1741 	if (hdr->header_blocks != sz)
1742 		ret = -EINVAL;
1743 	soprintf(ictx, "%s Image header size (blocks):   %i\n", stat[!!ret],
1744 		 hdr->header_blocks);
1745 	if (ret)
1746 		return ret;
1747 
1748 	sz = sizeof(struct sb_sections_header) / SB_BLOCK_SIZE;
1749 	if (hdr->section_header_size != sz)
1750 		ret = -EINVAL;
1751 	soprintf(ictx, "%s Section header size (blocks): %i\n", stat[!!ret],
1752 		 hdr->section_header_size);
1753 	if (ret)
1754 		return ret;
1755 
1756 	soprintf(ictx, "%s Sections count:               %i\n", stat[!!ret],
1757 		 hdr->section_count);
1758 	soprintf(ictx, "%s First bootable section        %i\n", stat[!!ret],
1759 		 hdr->first_boot_section_id);
1760 
1761 	if (hdr->image_blocks != fsize / SB_BLOCK_SIZE)
1762 		ret = -EINVAL;
1763 	soprintf(ictx, "%s Image size (blocks):          %i\n", stat[!!ret],
1764 		 hdr->image_blocks);
1765 	if (ret)
1766 		return ret;
1767 
1768 	sz = hdr->header_blocks + hdr->section_header_size * hdr->section_count;
1769 	if (hdr->key_dictionary_block != sz)
1770 		ret = -EINVAL;
1771 	soprintf(ictx, "%s Key dict offset (blocks):     %i\n", stat[!!ret],
1772 		 hdr->key_dictionary_block);
1773 	if (ret)
1774 		return ret;
1775 
1776 	if (hdr->key_count != 1)
1777 		ret = -EINVAL;
1778 	soprintf(ictx, "%s Number of encryption keys:    %i\n", stat[!!ret],
1779 		 hdr->key_count);
1780 	if (ret)
1781 		return ret;
1782 
1783 	sz = hdr->header_blocks + hdr->section_header_size * hdr->section_count;
1784 	sz += hdr->key_count *
1785 		sizeof(struct sb_key_dictionary_key) / SB_BLOCK_SIZE;
1786 	if (hdr->first_boot_tag_block != (unsigned)sz)
1787 		ret = -EINVAL;
1788 	soprintf(ictx, "%s First TAG block (blocks):     %i\n", stat[!!ret],
1789 		 hdr->first_boot_tag_block);
1790 	if (ret)
1791 		return ret;
1792 
1793 	return 0;
1794 }
1795 
sb_decrypt_tag(struct sb_image_ctx * ictx,struct sb_cmd_ctx * cctx)1796 static void sb_decrypt_tag(struct sb_image_ctx *ictx,
1797 		struct sb_cmd_ctx *cctx)
1798 {
1799 	EVP_MD_CTX *md_ctx = ictx->md_ctx;
1800 	struct sb_command *cmd = &cctx->payload;
1801 
1802 	sb_aes_crypt(ictx, (uint8_t *)&cctx->c_payload,
1803 		     (uint8_t *)&cctx->payload, sizeof(*cmd));
1804 	EVP_DigestUpdate(md_ctx, &cctx->c_payload, sizeof(*cmd));
1805 }
1806 
sb_verify_command(struct sb_image_ctx * ictx,struct sb_cmd_ctx * cctx,FILE * fp,unsigned long * tsize)1807 static int sb_verify_command(struct sb_image_ctx *ictx,
1808 			     struct sb_cmd_ctx *cctx, FILE *fp,
1809 			     unsigned long *tsize)
1810 {
1811 	struct sb_command *ccmd = &cctx->payload;
1812 	unsigned long size, asize;
1813 	char *csum, *flag = "";
1814 	int ret;
1815 	unsigned int i;
1816 	uint8_t csn, csc = ccmd->header.checksum;
1817 	ccmd->header.checksum = 0x5a;
1818 	csn = sb_command_checksum(ccmd);
1819 	ccmd->header.checksum = csc;
1820 
1821 	if (csc == csn)
1822 		ret = 0;
1823 	else
1824 		ret = -EINVAL;
1825 	csum = ret ? "checksum BAD" : "checksum OK";
1826 
1827 	switch (ccmd->header.tag) {
1828 	case ROM_NOP_CMD:
1829 		soprintf(ictx, " NOOP # %s\n", csum);
1830 		return ret;
1831 	case ROM_TAG_CMD:
1832 		if (ccmd->header.flags & ROM_TAG_CMD_FLAG_ROM_LAST_TAG)
1833 			flag = "LAST";
1834 		soprintf(ictx, " TAG %s # %s\n", flag, csum);
1835 		sb_aes_reinit(ictx, 0);
1836 		return ret;
1837 	case ROM_LOAD_CMD:
1838 		soprintf(ictx, " LOAD addr=0x%08x length=0x%08x # %s\n",
1839 			 ccmd->load.address, ccmd->load.count, csum);
1840 
1841 		cctx->length = ccmd->load.count;
1842 		asize = roundup(cctx->length, SB_BLOCK_SIZE);
1843 		cctx->data = malloc(asize);
1844 		if (!cctx->data)
1845 			return -ENOMEM;
1846 
1847 		size = fread(cctx->data, 1, asize, fp);
1848 		if (size != asize) {
1849 			fprintf(stderr,
1850 				"ERR: SB LOAD command payload too short!\n");
1851 			return -EINVAL;
1852 		}
1853 
1854 		*tsize += size;
1855 
1856 		EVP_DigestUpdate(ictx->md_ctx, cctx->data, asize);
1857 		sb_aes_crypt(ictx, cctx->data, cctx->data, asize);
1858 
1859 		if (ccmd->load.crc32 != pbl_crc32(0,
1860 						  (const char *)cctx->data,
1861 						  asize)) {
1862 			fprintf(stderr,
1863 				"ERR: SB LOAD command payload CRC32 invalid!\n");
1864 			return -EINVAL;
1865 		}
1866 		return 0;
1867 	case ROM_FILL_CMD:
1868 		soprintf(ictx,
1869 			 " FILL addr=0x%08x length=0x%08x pattern=0x%08x # %s\n",
1870 			 ccmd->fill.address, ccmd->fill.count,
1871 			 ccmd->fill.pattern, csum);
1872 		return 0;
1873 	case ROM_JUMP_CMD:
1874 		if (ccmd->header.flags & ROM_JUMP_CMD_FLAG_HAB)
1875 			flag = " HAB";
1876 		soprintf(ictx,
1877 			 " JUMP%s addr=0x%08x r0_arg=0x%08x # %s\n",
1878 			 flag, ccmd->fill.address, ccmd->jump.argument, csum);
1879 		return 0;
1880 	case ROM_CALL_CMD:
1881 		if (ccmd->header.flags & ROM_CALL_CMD_FLAG_HAB)
1882 			flag = " HAB";
1883 		soprintf(ictx,
1884 			 " CALL%s addr=0x%08x r0_arg=0x%08x # %s\n",
1885 			 flag, ccmd->fill.address, ccmd->jump.argument, csum);
1886 		return 0;
1887 	case ROM_MODE_CMD:
1888 		for (i = 0; i < ARRAY_SIZE(modetable); i++) {
1889 			if (ccmd->mode.mode == modetable[i].mode) {
1890 				soprintf(ictx, " MODE %s # %s\n",
1891 					 modetable[i].name, csum);
1892 				break;
1893 			}
1894 		}
1895 		fprintf(stderr, " MODE !INVALID! # %s\n", csum);
1896 		return 0;
1897 	}
1898 
1899 	return ret;
1900 }
1901 
sb_verify_commands(struct sb_image_ctx * ictx,struct sb_section_ctx * sctx,FILE * fp)1902 static int sb_verify_commands(struct sb_image_ctx *ictx,
1903 			      struct sb_section_ctx *sctx, FILE *fp)
1904 {
1905 	unsigned long size, tsize = 0;
1906 	struct sb_cmd_ctx *cctx;
1907 	int ret;
1908 
1909 	sb_aes_reinit(ictx, 0);
1910 
1911 	while (tsize < sctx->size) {
1912 		cctx = calloc(1, sizeof(*cctx));
1913 		if (!cctx)
1914 			return -ENOMEM;
1915 		if (!sctx->cmd_head) {
1916 			sctx->cmd_head = cctx;
1917 			sctx->cmd_tail = cctx;
1918 		} else {
1919 			sctx->cmd_tail->cmd = cctx;
1920 			sctx->cmd_tail = cctx;
1921 		}
1922 
1923 		size = fread(&cctx->c_payload, 1, sizeof(cctx->c_payload), fp);
1924 		if (size != sizeof(cctx->c_payload)) {
1925 			fprintf(stderr, "ERR: SB command header too short!\n");
1926 			return -EINVAL;
1927 		}
1928 
1929 		tsize += size;
1930 
1931 		sb_decrypt_tag(ictx, cctx);
1932 
1933 		ret = sb_verify_command(ictx, cctx, fp, &tsize);
1934 		if (ret)
1935 			return -EINVAL;
1936 	}
1937 
1938 	return 0;
1939 }
1940 
sb_verify_sections_cmds(struct sb_image_ctx * ictx,FILE * fp)1941 static int sb_verify_sections_cmds(struct sb_image_ctx *ictx, FILE *fp)
1942 {
1943 	struct sb_boot_image_header *hdr = &ictx->payload;
1944 	struct sb_sections_header *shdr;
1945 	unsigned int i;
1946 	int ret;
1947 	struct sb_section_ctx *sctx;
1948 	unsigned long size;
1949 	char *bootable = "";
1950 
1951 	soprintf(ictx, "----- Verifying  SB Sections and Commands -----\n");
1952 
1953 	for (i = 0; i < hdr->section_count; i++) {
1954 		sctx = calloc(1, sizeof(*sctx));
1955 		if (!sctx)
1956 			return -ENOMEM;
1957 		if (!ictx->sect_head) {
1958 			ictx->sect_head = sctx;
1959 			ictx->sect_tail = sctx;
1960 		} else {
1961 			ictx->sect_tail->sect = sctx;
1962 			ictx->sect_tail = sctx;
1963 		}
1964 
1965 		size = fread(&sctx->payload, 1, sizeof(sctx->payload), fp);
1966 		if (size != sizeof(sctx->payload)) {
1967 			fprintf(stderr, "ERR: SB section header too short!\n");
1968 			return -EINVAL;
1969 		}
1970 	}
1971 
1972 	size = fread(&ictx->sb_dict_key, 1, sizeof(ictx->sb_dict_key), fp);
1973 	if (size != sizeof(ictx->sb_dict_key)) {
1974 		fprintf(stderr, "ERR: SB key dictionary too short!\n");
1975 		return -EINVAL;
1976 	}
1977 
1978 	sb_encrypt_sb_sections_header(ictx);
1979 	sb_aes_reinit(ictx, 0);
1980 	sb_decrypt_key_dictionary_key(ictx);
1981 
1982 	sb_aes_reinit(ictx, 0);
1983 
1984 	sctx = ictx->sect_head;
1985 	while (sctx) {
1986 		shdr = &sctx->payload;
1987 
1988 		if (shdr->section_flags & SB_SECTION_FLAG_BOOTABLE) {
1989 			sctx->boot = 1;
1990 			bootable = " BOOTABLE";
1991 		}
1992 
1993 		sctx->size = (shdr->section_size * SB_BLOCK_SIZE) +
1994 			     sizeof(struct sb_command);
1995 		soprintf(ictx, "SECTION 0x%x%s # size = %i bytes\n",
1996 			 shdr->section_number, bootable, sctx->size);
1997 
1998 		if (shdr->section_flags & ~SB_SECTION_FLAG_BOOTABLE)
1999 			fprintf(stderr, " WARN: Unknown section flag(s) %08x\n",
2000 				shdr->section_flags);
2001 
2002 		if ((shdr->section_flags & SB_SECTION_FLAG_BOOTABLE) &&
2003 		    (hdr->first_boot_section_id != shdr->section_number)) {
2004 			fprintf(stderr,
2005 				" WARN: Bootable section does ID not match image header ID!\n");
2006 		}
2007 
2008 		ret = sb_verify_commands(ictx, sctx, fp);
2009 		if (ret)
2010 			return ret;
2011 
2012 		sctx = sctx->sect;
2013 	}
2014 
2015 	/*
2016 	 * FIXME IDEA:
2017 	 * check if the first TAG command is at sctx->section_offset
2018 	 */
2019 	return 0;
2020 }
2021 
sb_verify_image_end(struct sb_image_ctx * ictx,FILE * fp,off_t filesz)2022 static int sb_verify_image_end(struct sb_image_ctx *ictx,
2023 			       FILE *fp, off_t filesz)
2024 {
2025 	uint8_t digest[32];
2026 	unsigned long size;
2027 	off_t pos;
2028 	int ret;
2029 
2030 	soprintf(ictx, "------------- Verifying image end -------------\n");
2031 
2032 	size = fread(digest, 1, sizeof(digest), fp);
2033 	if (size != sizeof(digest)) {
2034 		fprintf(stderr, "ERR: SB key dictionary too short!\n");
2035 		return -EINVAL;
2036 	}
2037 
2038 	pos = ftell(fp);
2039 	if (pos != filesz) {
2040 		fprintf(stderr, "ERR: Trailing data past the image!\n");
2041 		return -EINVAL;
2042 	}
2043 
2044 	/* Check the image digest. */
2045 	EVP_DigestFinal(ictx->md_ctx, ictx->digest, NULL);
2046 	EVP_MD_CTX_free(ictx->md_ctx);
2047 
2048 	/* Decrypt the image digest from the input image. */
2049 	sb_aes_reinit(ictx, 0);
2050 	sb_aes_crypt(ictx, digest, digest, sizeof(digest));
2051 
2052 	/* Check all of 20 bytes of the SHA1 hash. */
2053 	ret = memcmp(digest, ictx->digest, 20) ? -EINVAL : 0;
2054 
2055 	if (ret)
2056 		soprintf(ictx, "[FAIL] Full-image checksum:          BAD\n");
2057 	else
2058 		soprintf(ictx, "[PASS] Full-image checksum:          OK\n");
2059 
2060 	return ret;
2061 }
2062 
2063 
sb_build_tree_from_img(struct sb_image_ctx * ictx)2064 static int sb_build_tree_from_img(struct sb_image_ctx *ictx)
2065 {
2066 	long filesize;
2067 	int ret;
2068 	FILE *fp;
2069 
2070 	if (!ictx->input_filename) {
2071 		fprintf(stderr, "ERR: Missing filename!\n");
2072 		return -EINVAL;
2073 	}
2074 
2075 	fp = fopen(ictx->input_filename, "r");
2076 	if (!fp)
2077 		goto err_open;
2078 
2079 	ret = fseek(fp, 0, SEEK_END);
2080 	if (ret < 0)
2081 		goto err_file;
2082 
2083 	filesize = ftell(fp);
2084 	if (filesize < 0)
2085 		goto err_file;
2086 
2087 	ret = fseek(fp, 0, SEEK_SET);
2088 	if (ret < 0)
2089 		goto err_file;
2090 
2091 	if (filesize < (signed)sizeof(ictx->payload)) {
2092 		fprintf(stderr, "ERR: File too short!\n");
2093 		goto err_file;
2094 	}
2095 
2096 	if (filesize & (SB_BLOCK_SIZE - 1)) {
2097 		fprintf(stderr, "ERR: The file is not aligned!\n");
2098 		goto err_file;
2099 	}
2100 
2101 	/* Load and verify image header */
2102 	ret = sb_verify_image_header(ictx, fp, filesize);
2103 	if (ret)
2104 		goto err_verify;
2105 
2106 	/* Load and verify sections and commands */
2107 	ret = sb_verify_sections_cmds(ictx, fp);
2108 	if (ret)
2109 		goto err_verify;
2110 
2111 	ret = sb_verify_image_end(ictx, fp, filesize);
2112 	if (ret)
2113 		goto err_verify;
2114 
2115 	ret = 0;
2116 
2117 err_verify:
2118 	soprintf(ictx, "-------------------- Result -------------------\n");
2119 	soprintf(ictx, "Verification %s\n", ret ? "FAILED" : "PASSED");
2120 
2121 	/* Stop the encryption session. */
2122 	sb_aes_deinit(ictx->cipher_ctx);
2123 
2124 	fclose(fp);
2125 	return ret;
2126 
2127 err_file:
2128 	fclose(fp);
2129 err_open:
2130 	fprintf(stderr, "ERR: Failed to load file \"%s\"\n",
2131 		ictx->input_filename);
2132 	return -EINVAL;
2133 }
2134 
sb_free_image(struct sb_image_ctx * ictx)2135 static void sb_free_image(struct sb_image_ctx *ictx)
2136 {
2137 	struct sb_section_ctx *sctx = ictx->sect_head, *s_head;
2138 	struct sb_dcd_ctx *dctx = ictx->dcd_head, *d_head;
2139 	struct sb_cmd_ctx *cctx, *c_head;
2140 
2141 	while (sctx) {
2142 		s_head = sctx;
2143 		c_head = sctx->cmd_head;
2144 
2145 		while (c_head) {
2146 			cctx = c_head;
2147 			c_head = c_head->cmd;
2148 			if (cctx->data)
2149 				free(cctx->data);
2150 			free(cctx);
2151 		}
2152 
2153 		sctx = sctx->sect;
2154 		free(s_head);
2155 	}
2156 
2157 	while (dctx) {
2158 		d_head = dctx;
2159 		dctx = dctx->dcd;
2160 		free(d_head->payload);
2161 		free(d_head);
2162 	}
2163 }
2164 
2165 /*
2166  * MXSSB-MKIMAGE glue code.
2167  */
mxsimage_check_image_types(uint8_t type)2168 static int mxsimage_check_image_types(uint8_t type)
2169 {
2170 	if (type == IH_TYPE_MXSIMAGE)
2171 		return EXIT_SUCCESS;
2172 	else
2173 		return EXIT_FAILURE;
2174 }
2175 
mxsimage_set_header(void * ptr,struct stat * sbuf,int ifd,struct image_tool_params * params)2176 static void mxsimage_set_header(void *ptr, struct stat *sbuf, int ifd,
2177 				struct image_tool_params *params)
2178 {
2179 }
2180 
mxsimage_check_params(struct image_tool_params * params)2181 int mxsimage_check_params(struct image_tool_params *params)
2182 {
2183 	if (!params)
2184 		return -1;
2185 	if (!strlen(params->imagename)) {
2186 		fprintf(stderr,
2187 			"Error: %s - Configuration file not specified, it is needed for mxsimage generation\n",
2188 			params->cmdname);
2189 		return -1;
2190 	}
2191 
2192 	/*
2193 	 * Check parameters:
2194 	 * XIP is not allowed and verify that incompatible
2195 	 * parameters are not sent at the same time
2196 	 * For example, if list is required a data image must not be provided
2197 	 */
2198 	return	(params->dflag && (params->fflag || params->lflag)) ||
2199 		(params->fflag && (params->dflag || params->lflag)) ||
2200 		(params->lflag && (params->dflag || params->fflag)) ||
2201 		(params->xflag) || !(strlen(params->imagename));
2202 }
2203 
mxsimage_verify_print_header(char * file,int silent)2204 static int mxsimage_verify_print_header(char *file, int silent)
2205 {
2206 	int ret;
2207 	struct sb_image_ctx ctx;
2208 
2209 	memset(&ctx, 0, sizeof(ctx));
2210 
2211 	ctx.input_filename = file;
2212 	ctx.silent_dump = silent;
2213 
2214 	ret = sb_build_tree_from_img(&ctx);
2215 	sb_free_image(&ctx);
2216 
2217 	return ret;
2218 }
2219 
2220 char *imagefile;
mxsimage_verify_header(unsigned char * ptr,int image_size,struct image_tool_params * params)2221 static int mxsimage_verify_header(unsigned char *ptr, int image_size,
2222 			struct image_tool_params *params)
2223 {
2224 	struct sb_boot_image_header *hdr;
2225 
2226 	if (!ptr)
2227 		return -EINVAL;
2228 
2229 	hdr = (struct sb_boot_image_header *)ptr;
2230 
2231 	/*
2232 	 * Check if the header contains the MXS image signatures,
2233 	 * if so, do a full-image verification.
2234 	 */
2235 	if (memcmp(hdr->signature1, "STMP", 4) ||
2236 	    memcmp(hdr->signature2, "sgtl", 4))
2237 		return -EINVAL;
2238 
2239 	imagefile = params->imagefile;
2240 
2241 	return mxsimage_verify_print_header(params->imagefile, 1);
2242 }
2243 
mxsimage_print_header(const void * hdr)2244 static void mxsimage_print_header(const void *hdr)
2245 {
2246 	if (imagefile)
2247 		mxsimage_verify_print_header(imagefile, 0);
2248 }
2249 
sb_build_image(struct sb_image_ctx * ictx,struct image_type_params * tparams)2250 static int sb_build_image(struct sb_image_ctx *ictx,
2251 			  struct image_type_params *tparams)
2252 {
2253 	struct sb_boot_image_header *sb_header = &ictx->payload;
2254 	struct sb_section_ctx *sctx;
2255 	struct sb_cmd_ctx *cctx;
2256 	struct sb_command *ccmd;
2257 	struct sb_key_dictionary_key *sb_dict_key = &ictx->sb_dict_key;
2258 
2259 	uint8_t *image, *iptr;
2260 
2261 	/* Calculate image size. */
2262 	uint32_t size = sizeof(*sb_header) +
2263 		ictx->sect_count * sizeof(struct sb_sections_header) +
2264 		sizeof(*sb_dict_key) + sizeof(ictx->digest);
2265 
2266 	sctx = ictx->sect_head;
2267 	while (sctx) {
2268 		size += sctx->size;
2269 		sctx = sctx->sect;
2270 	};
2271 
2272 	image = malloc(size);
2273 	if (!image)
2274 		return -ENOMEM;
2275 	iptr = image;
2276 
2277 	memcpy(iptr, sb_header, sizeof(*sb_header));
2278 	iptr += sizeof(*sb_header);
2279 
2280 	sctx = ictx->sect_head;
2281 	while (sctx) {
2282 		memcpy(iptr, &sctx->payload, sizeof(struct sb_sections_header));
2283 		iptr += sizeof(struct sb_sections_header);
2284 		sctx = sctx->sect;
2285 	};
2286 
2287 	memcpy(iptr, sb_dict_key, sizeof(*sb_dict_key));
2288 	iptr += sizeof(*sb_dict_key);
2289 
2290 	sctx = ictx->sect_head;
2291 	while (sctx) {
2292 		cctx = sctx->cmd_head;
2293 		while (cctx) {
2294 			ccmd = &cctx->payload;
2295 
2296 			memcpy(iptr, &cctx->c_payload, sizeof(cctx->payload));
2297 			iptr += sizeof(cctx->payload);
2298 
2299 			if (ccmd->header.tag == ROM_LOAD_CMD) {
2300 				memcpy(iptr, cctx->data, cctx->length);
2301 				iptr += cctx->length;
2302 			}
2303 
2304 			cctx = cctx->cmd;
2305 		}
2306 
2307 		sctx = sctx->sect;
2308 	};
2309 
2310 	memcpy(iptr, ictx->digest, sizeof(ictx->digest));
2311 	iptr += sizeof(ictx->digest);
2312 
2313 	/* Configure the mkimage */
2314 	tparams->hdr = image;
2315 	tparams->header_size = size;
2316 
2317 	return 0;
2318 }
2319 
mxsimage_generate(struct image_tool_params * params,struct image_type_params * tparams)2320 static int mxsimage_generate(struct image_tool_params *params,
2321 	struct image_type_params *tparams)
2322 {
2323 	int ret;
2324 	struct sb_image_ctx ctx;
2325 
2326 	/* Do not copy the U-Boot image! */
2327 	params->skipcpy = 1;
2328 
2329 	memset(&ctx, 0, sizeof(ctx));
2330 
2331 	ctx.cfg_filename = params->imagename;
2332 	ctx.output_filename = params->imagefile;
2333 
2334 	ret = sb_build_tree_from_cfg(&ctx);
2335 	if (ret)
2336 		goto fail;
2337 
2338 	ret = sb_encrypt_image(&ctx);
2339 	if (!ret)
2340 		ret = sb_build_image(&ctx, tparams);
2341 
2342 fail:
2343 	sb_free_image(&ctx);
2344 
2345 	return ret;
2346 }
2347 
2348 /*
2349  * mxsimage parameters
2350  */
2351 U_BOOT_IMAGE_TYPE(
2352 	mxsimage,
2353 	"Freescale MXS Boot Image support",
2354 	0,
2355 	NULL,
2356 	mxsimage_check_params,
2357 	mxsimage_verify_header,
2358 	mxsimage_print_header,
2359 	mxsimage_set_header,
2360 	NULL,
2361 	mxsimage_check_image_types,
2362 	NULL,
2363 	mxsimage_generate
2364 );
2365 #endif
2366