return 0;
}
+/**
+ * Get 'data-size-unciphered' property from a given image node.
+ *
+ * @fit: pointer to the FIT image header
+ * @noffset: component image node offset
+ * @data_size: holds the data-size property
+ *
+ * returns:
+ * 0, on success
+ * -ENOENT if the property could not be found
+ */
+int fit_image_get_data_size_unciphered(const void *fit, int noffset,
+ size_t *data_size)
+{
+ const fdt32_t *val;
+
+ val = fdt_getprop(fit, noffset, "data-size-unciphered", NULL);
+ if (!val)
+ return -ENOENT;
+
+ *data_size = (size_t)fdt32_to_cpu(*val);
+
+ return 0;
+}
+
/**
* fit_image_get_data_and_size - get data and its size including
* both embedded and external data
if (external_data) {
debug("External Data\n");
ret = fit_image_get_data_size(fit, noffset, &len);
- *data = fit + offset;
- *size = len;
+ if (!ret) {
+ *data = fit + offset;
+ *size = len;
+ }
} else {
ret = fit_image_get_data(fit, noffset, data, size);
}
return 0;
}
+/**
+ * fit_image_cipher_get_algo - get cipher algorithm name
+ * @fit: pointer to the FIT format image header
+ * @noffset: cipher node offset
+ * @algo: double pointer to char, will hold pointer to the algorithm name
+ *
+ * fit_image_cipher_get_algo() finds cipher algorithm property in a given
+ * cipher node. If the property is found its data start address is returned
+ * to the caller.
+ *
+ * returns:
+ * 0, on success
+ * -1, on failure
+ */
+int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo)
+{
+ int len;
+
+ *algo = (char *)fdt_getprop(fit, noffset, FIT_ALGO_PROP, &len);
+ if (!*algo) {
+ fit_get_debug(fit, noffset, FIT_ALGO_PROP, len);
+ return -1;
+ }
+
+ return 0;
+}
+
ulong fit_get_end(const void *fit)
{
return map_to_sysmem((void *)(fit + fdt_totalsize(fit)));
int ret;
/* Verify all required signatures */
- if (IMAGE_ENABLE_VERIFY &&
+ if (FIT_IMAGE_ENABLE_VERIFY &&
fit_image_verify_required_sigs(fit, image_noffset, data, size,
gd_fdt_blob(), &verify_all)) {
err_msg = "Unable to verify required signature";
&err_msg))
goto error;
puts("+ ");
- } else if (IMAGE_ENABLE_VERIFY && verify_all &&
+ } else if (FIT_IMAGE_ENABLE_VERIFY && verify_all &&
!strncmp(name, FIT_SIG_NODENAME,
strlen(FIT_SIG_NODENAME))) {
ret = fit_image_check_sig(fit, noffset, data,
return 1;
}
+#ifdef CONFIG_FIT_CIPHER
+static int fit_image_uncipher(const void *fit, int image_noffset,
+ void **data, size_t *size)
+{
+ int cipher_noffset, ret;
+ void *dst;
+ size_t size_dst;
+
+ cipher_noffset = fdt_subnode_offset(fit, image_noffset,
+ FIT_CIPHER_NODENAME);
+ if (cipher_noffset < 0)
+ return 0;
+
+ ret = fit_image_decrypt_data(fit, image_noffset, cipher_noffset,
+ *data, *size, &dst, &size_dst);
+ if (ret)
+ goto out;
+
+ *data = dst;
+ *size = size_dst;
+
+ out:
+ return ret;
+}
+#endif /* CONFIG_FIT_CIPHER */
+
/**
* fit_image_check_os - check whether image node is of a given os type
* @fit: pointer to the FIT format image header
if (image_type == IH_TYPE_KERNEL)
images->fit_uname_cfg = fit_base_uname_config;
- if (IMAGE_ENABLE_VERIFY && images->verify) {
+ if (FIT_IMAGE_ENABLE_VERIFY && images->verify) {
puts(" Verifying Hash Integrity ... ");
if (fit_config_verify(fit, cfg_noffset)) {
puts("Bad Data Hash\n");
return -ENOENT;
}
+#ifdef CONFIG_FIT_CIPHER
+ /* Decrypt data before uncompress/move */
+ if (IMAGE_ENABLE_DECRYPT) {
+ puts(" Decrypting Data ... ");
+ if (fit_image_uncipher(fit, noffset, &buf, &size)) {
+ puts("Error\n");
+ return -EACCES;
+ }
+ puts("OK\n");
+ }
+#endif
+
#if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS)
/* perform any post-processing on the image data */
board_fit_image_post_process(&buf, &size);
projects / J-u-boot.git / blobdiff