[U-Boot] [PATCH v7] socfpga: Add socfpga preloader signing to mkimage

Charles Manning cdhmanning at gmail.com
Thu Mar 6 03:40:50 CET 2014


Like many platforms, the Altera socfpga platform requires that the
preloader be "signed" in a certain way or the built-in boot ROM will
not boot the code.

This change automatically creates an appropriately signed preloader
from an SPL image.

The signed image includes a CRC which must, of course, be generated
with a CRC generator that the SoCFPGA boot ROM agrees with otherwise
the boot ROM will reject the image.

Unfortunately the CRC used in this boot ROM is not the same as the
Adler CRC in lib/crc32.c. Indeed the Adler code is not technically a
CRC but is more correctly described as a checksum.

Thus, the appropriate CRC generator is added to lib/ as crc32_alt.c.

Signed-off-by: Charles Manning <cdhmanning at gmail.com>
---

Changes for v3:
 - Fix some coding style issues.
 - Move from a standalone tool to the mkimgae framework.

Changes for v4:
 - Fix more coding style issues.
 - Fix typos in Makefile.
 - Rebase on master (previous version was not on master, but on a 
   working socfpga branch).

Changes for v5:
 - Fix more coding style issues.
 - Add some more comments.
 - Remove some unused defines.
 - Move the local CRC32 code into lib/crc32_alt.c.

Changes for v6:
 - Fix more coding style issues.
 - Rejig socfpgaimage_vrec_header() function so that it has one return 
   path and does stricter size checks.

Changes for v7:
 - Use bzlib's crc table instead of adding another one.
 - Use existing code and a packed structure for header marshalling.

Note: Building a SOCFPGA preloader will currently not produce a 
working image if built in master, but that is due to issues in 
building SPL, not in this signer.


 common/image.c         |    1 +
 include/bzlib_crc32.h  |   17 ++++
 include/image.h        |    1 +
 lib/bzlib_crc32.c      |   26 +++++
 spl/Makefile           |    5 +
 tools/Makefile         |    3 +
 tools/bzlib_crc32.c    |    1 +
 tools/bzlib_crctable.c |    1 +
 tools/bzlib_private.h  |    1 +
 tools/imagetool.c      |    2 +
 tools/imagetool.h      |    1 +
 tools/socfpgaimage.c   |  255 ++++++++++++++++++++++++++++++++++++++++++++++++
 12 files changed, 314 insertions(+)
 create mode 100644 include/bzlib_crc32.h
 create mode 100644 lib/bzlib_crc32.c
 create mode 100644 tools/bzlib_crc32.c
 create mode 100644 tools/bzlib_crctable.c
 create mode 100644 tools/bzlib_private.h
 create mode 100644 tools/socfpgaimage.c

diff --git a/common/image.c b/common/image.c
index 9c6bec5..e7dc8cc 100644
--- a/common/image.c
+++ b/common/image.c
@@ -135,6 +135,7 @@ static const table_entry_t uimage_type[] = {
 	{	IH_TYPE_PBLIMAGE,   "pblimage",   "Freescale PBL Boot Image",},
 	{	IH_TYPE_RAMDISK,    "ramdisk",	  "RAMDisk Image",	},
 	{	IH_TYPE_SCRIPT,     "script",	  "Script",		},
+	{	IH_TYPE_SOCFPGAIMAGE,  "socfpgaimage",  "Altera SOCFPGA preloader",},
 	{	IH_TYPE_STANDALONE, "standalone", "Standalone Program", },
 	{	IH_TYPE_UBLIMAGE,   "ublimage",   "Davinci UBL image",},
 	{	IH_TYPE_MXSIMAGE,   "mxsimage",   "Freescale MXS Boot Image",},
diff --git a/include/bzlib_crc32.h b/include/bzlib_crc32.h
new file mode 100644
index 0000000..96d8124
--- /dev/null
+++ b/include/bzlib_crc32.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2014 Charles Manning <cdhmanning at gmail.com>
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ *
+ * Note that the CRC is **not** the zlib/Adler crc32 in crc32.c.
+ * It is the CRC-32 used in bzip2, ethernet and elsewhere.
+ */
+
+#ifndef __BZLIB_CRC32_H__
+#define __BZLIB_CRC32_H__
+
+#include <stdint.h>
+
+uint32_t bzlib_crc32(uint32_t crc, const void *_buf, int length);
+
+#endif
diff --git a/include/image.h b/include/image.h
index 6afd57b..bde31d9 100644
--- a/include/image.h
+++ b/include/image.h
@@ -215,6 +215,7 @@ struct lmb;
 #define IH_TYPE_KERNEL_NOLOAD	14	/* OS Kernel Image, can run from any load address */
 #define IH_TYPE_PBLIMAGE	15	/* Freescale PBL Boot Image	*/
 #define IH_TYPE_MXSIMAGE	16	/* Freescale MXSBoot Image	*/
+#define IH_TYPE_SOCFPGAIMAGE	17	/* Altera SOCFPGA Preloader	*/
 
 /*
  * Compression Types
diff --git a/lib/bzlib_crc32.c b/lib/bzlib_crc32.c
new file mode 100644
index 0000000..cc1a8a0
--- /dev/null
+++ b/lib/bzlib_crc32.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2014 Charles Manning <cdhmanning at gmail.com>
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ *
+ * This provides a CRC-32 using the tables in bzlib_crctable.c
+ */
+
+#include <bzlib_crc32.h>
+#include "bzlib_private.h"
+
+uint32_t bzlib_crc32(uint32_t crc, const void *_buf, int length)
+{
+	const uint8_t *buf = _buf;
+
+	crc ^= ~0;
+
+	while (length--) {
+		crc = (crc << 8) ^ BZ2_crc32Table[((crc >> 24) ^ *buf) & 0xff];
+		buf++;
+	}
+
+	crc ^= ~0;
+
+	return crc;
+}
diff --git a/spl/Makefile b/spl/Makefile
index 346d0aa..4e0f33f 100644
--- a/spl/Makefile
+++ b/spl/Makefile
@@ -182,6 +182,11 @@ MLO MLO.byteswap: $(obj)/u-boot-spl.bin
 
 ALL-y	+= $(obj)/$(SPL_BIN).bin
 
+$(OBJTREE)/socfpga-signed-preloader.bin: $(obj)/u-boot-spl.bin
+	$(OBJTREE)/tools/mkimage -T socfpgaimage -d $< $@
+
+ALL-$(CONFIG_SOCFPGA) += $(OBJTREE)/socfpga-signed-preloader.bin
+
 ifdef CONFIG_SAMSUNG
 ALL-y	+= $(obj)/$(BOARD)-spl.bin
 endif
diff --git a/tools/Makefile b/tools/Makefile
index dcd49f8..a912093 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -70,6 +70,8 @@ RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := rsa-sign.o
 # common objs for dumpimage and mkimage
 dumpimage-mkimage-objs := aisimage.o \
 			$(FIT_SIG_OBJS-y) \
+			bzlib_crc32.o \
+			bzlib_crctable.o \
 			crc32.o \
 			default_image.o \
 			fit_image.o \
@@ -85,6 +87,7 @@ dumpimage-mkimage-objs := aisimage.o \
 			os_support.o \
 			pblimage.o \
 			sha1.o \
+			socfpgaimage.o \
 			ublimage.o \
 			$(LIBFDT_OBJS) \
 			$(RSA_OBJS-y)
diff --git a/tools/bzlib_crc32.c b/tools/bzlib_crc32.c
new file mode 100644
index 0000000..b7f7aa5
--- /dev/null
+++ b/tools/bzlib_crc32.c
@@ -0,0 +1 @@
+#include "../lib/bzlib_crc32.c"
diff --git a/tools/bzlib_crctable.c b/tools/bzlib_crctable.c
new file mode 100644
index 0000000..53d38ef
--- /dev/null
+++ b/tools/bzlib_crctable.c
@@ -0,0 +1 @@
+#include "../bzlib_crctable.c"
diff --git a/tools/bzlib_private.h b/tools/bzlib_private.h
new file mode 100644
index 0000000..cfb74be
--- /dev/null
+++ b/tools/bzlib_private.h
@@ -0,0 +1 @@
+#include "lib/bzlib_private.h"
diff --git a/tools/imagetool.c b/tools/imagetool.c
index 29d2189..1ef20b1 100644
--- a/tools/imagetool.c
+++ b/tools/imagetool.c
@@ -45,6 +45,8 @@ void register_image_tool(imagetool_register_t image_register)
 	init_ubl_image_type();
 	/* Init Davinci AIS support */
 	init_ais_image_type();
+	/* Init Altera SOCFPGA support */
+	init_socfpga_image_type();
 }
 
 /*
diff --git a/tools/imagetool.h b/tools/imagetool.h
index c2c9aea..c4833b1 100644
--- a/tools/imagetool.h
+++ b/tools/imagetool.h
@@ -167,6 +167,7 @@ void init_mxs_image_type(void);
 void init_fit_image_type(void);
 void init_ubl_image_type(void);
 void init_omap_image_type(void);
+void init_socfpga_image_type(void);
 
 void pbl_load_uboot(int fd, struct image_tool_params *mparams);
 
diff --git a/tools/socfpgaimage.c b/tools/socfpgaimage.c
new file mode 100644
index 0000000..c7ec4d1
--- /dev/null
+++ b/tools/socfpgaimage.c
@@ -0,0 +1,255 @@
+/*
+ * Copyright (C) 2014 Charles Manning <cdhmanning at gmail.com>
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ *
+ * Reference doc http://www.altera.com.cn/literature/hb/cyclone-v/cv_5400A.pdf
+ * Note this doc is not entirely accurate. Of particular interest to us is the
+ * "header" length field being in U32s and not bytes.
+ *
+ * "Header" is a structure of the following format.
+ * this is positioned at 0x40.
+ *
+ * Endian is LSB.
+ *
+ * Offset   Length   Usage
+ * -----------------------
+ *   0x40        4   Validation word 0x31305341
+ *   0x44        1   Version (whatever, zero is fine)
+ *   0x45        1   Flags   (unused, zero is fine)
+ *   0x46        2   Length  (in units of u32, including the end checksum).
+ *   0x48        2   Zero
+ *   0x4A        2   Checksum over the heder. NB Not CRC32
+ *
+ * At the end of the code we have a 32-bit CRC checksum over whole binary
+ * excluding the CRC.
+ *
+ * Note that the CRC used here is **not** the zlib/Adler crc32. It is the
+ * CRC-32 used in bzip2, ethernet and elsewhere.
+ *
+ * The image is padded out to 64k, because that is what is
+ * typically used to write the image to the boot medium.
+ */
+
+#include <bzlib_crc32.h>
+#include "imagetool.h"
+#include <image.h>
+
+#define HEADER_OFFSET	0x40
+#define HEADER_SIZE	0xC
+#define VALIDATION_WORD	0x31305341
+#define PADDED_SIZE	0x10000
+
+/* To allow for adding CRC, the max input size is a bit smaller. */
+#define MAX_INPUT_SIZE	(PADDED_SIZE - sizeof(uint32_t))
+
+static uint8_t buffer[PADDED_SIZE];
+
+static struct {
+	uint32_t validation;
+	uint8_t  version;
+	uint8_t  flags;
+	uint16_t length_u32;
+	uint16_t zero;
+	uint16_t checksum;
+} __attribute__((packed)) header;
+
+/*
+ * The header checksum is just a very simple checksum over
+ * the header area.
+ * There is still a crc32 over the whole lot.
+ */
+static uint16_t hdr_checksum(const uint8_t *buf, int len)
+{
+	uint16_t ret = 0;
+	int i;
+
+	for (i = 0; i < len; i++) {
+		ret += (((uint16_t) *buf) & 0xff);
+		buf++;
+	}
+	return ret;
+}
+
+
+static void build_header(uint8_t *buf,
+			  uint8_t version,
+			  uint8_t flags,
+			  uint16_t length_bytes)
+{
+	header.validation = htole32(VALIDATION_WORD);
+	header.version = version;
+	header.flags = flags;
+	header.length_u32 = htole16(length_bytes/4);
+	header.zero = 0;
+	header.checksum = htole16(hdr_checksum((const uint8_t *)&header, 10));
+
+	memcpy(buf, &header, sizeof(header));
+}
+
+/*
+ * Perform a rudimentary verification of header and return
+ * size of image.
+ */
+static int verify_header(const uint8_t *buf)
+{
+	memcpy(&header, buf, sizeof(header));
+
+	if (le32toh(header.validation) != VALIDATION_WORD)
+		return -1;
+	if (le16toh(header.checksum) !=
+	    hdr_checksum((const uint8_t *)&header, 10))
+		return -1;
+
+	return le16toh(header.length_u32) * 4;
+}
+
+/* Sign the buffer and return the signed buffer size */
+static int sign_buffer(uint8_t *buf,
+			uint8_t version, uint8_t flags,
+			int len, int pad_64k)
+{
+	uint32_t calc_crc;
+
+	/* Align the length up */
+	len = (len + 3) & (~3);
+
+	/* Build header, adding 4 bytes to length to hold the CRC32. */
+	build_header(buf + HEADER_OFFSET,  version, flags, len + 4);
+
+	/* Calculate and apply the CRC */
+	calc_crc = bzlib_crc32(0, buf, len);
+
+	*((uint32_t *)(buf + len)) = htole32(calc_crc);
+
+	if (!pad_64k)
+		return len + 4;
+
+	return PADDED_SIZE;
+}
+
+/* Verify that the buffer looks sane */
+static int verify_buffer(const uint8_t *buf)
+{
+	int len; /* Including 32bit CRC */
+	uint32_t calc_crc;
+	uint32_t buf_crc;
+
+	len = verify_header(buf + HEADER_OFFSET);
+	if (len < 0)
+		return -1;
+	if (len < HEADER_OFFSET || len > PADDED_SIZE)
+		return -1;
+
+	/*
+	 * Adjust length to the base of the CRC.
+	 * Check the CRC.
+	*/
+	len -= 4;
+
+	calc_crc = bzlib_crc32(0, buf, len);
+
+	buf_crc = le32toh(*((uint32_t *)(buf + len)));
+
+	if (buf_crc != calc_crc)
+		return -1;
+
+	return 0;
+}
+
+/* mkimage glue functions */
+static int socfpgaimage_verify_header(unsigned char *ptr, int image_size,
+			struct image_tool_params *params)
+{
+	if (image_size != PADDED_SIZE)
+		return -1;
+
+	return verify_buffer(ptr);
+}
+
+static void socfpgaimage_print_header(const void *ptr)
+{
+	if (verify_buffer(ptr) == 0)
+		printf("Looks like a sane SOCFPGA preloader\n");
+	else
+		printf("Not a sane SOCFPGA preloader\n");
+}
+
+static int socfpgaimage_check_params(struct image_tool_params *params)
+{
+	/* Not sure if we should be accepting fflags */
+	return	(params->dflag && (params->fflag || params->lflag)) ||
+		(params->fflag && (params->dflag || params->lflag)) ||
+		(params->lflag && (params->dflag || params->fflag));
+}
+
+static int socfpgaimage_check_image_types(uint8_t type)
+{
+	if (type == IH_TYPE_SOCFPGAIMAGE)
+		return EXIT_SUCCESS;
+	return EXIT_FAILURE;
+}
+
+/*
+ * To work in with the mkimage framework, we do some ugly stuff...
+ *
+ * First, socfpgaimage_vrec_header() is called.
+ * We prepend a fake header big enough to make the file PADDED_SIZE.
+ * This gives us enough space to do what we want later.
+ *
+ * Next, socfpgaimage_set_header() is called.
+ * We fix up the buffer by moving the image to the start of the buffer.
+ * We now have some room to do what we need (add CRC and padding).
+ */
+
+static int data_size;
+#define FAKE_HEADER_SIZE (PADDED_SIZE - data_size)
+
+static int socfpgaimage_vrec_header(struct image_tool_params *params,
+				struct image_type_params *tparams)
+{
+	struct stat sbuf;
+
+	if (params->datafile &&
+	    stat(params->datafile, &sbuf) == 0 &&
+	    sbuf.st_size <= MAX_INPUT_SIZE) {
+		data_size = sbuf.st_size;
+		tparams->header_size = FAKE_HEADER_SIZE;
+	}
+	return 0;
+}
+
+static void socfpgaimage_set_header(void *ptr, struct stat *sbuf, int ifd,
+				struct image_tool_params *params)
+{
+	uint8_t *buf = (uint8_t *)ptr;
+
+	/*
+	 * This function is called after vrec_header() has been called.
+	 * At this stage we have the FAKE_HEADER_SIZE dummy bytes followed by
+	 * data_size image bytes. Total = PADDED_SIZE.
+	 * We need to fix the buffer by moving the image bytes back to
+	 * the beginning of the buffer, then actually do the signing stuff...
+	 */
+	memmove(buf, buf + FAKE_HEADER_SIZE, data_size);
+	memset(buf + data_size, 0, FAKE_HEADER_SIZE);
+
+	sign_buffer(buf, 0, 0, data_size, 0);
+}
+
+static struct image_type_params socfpgaimage_params = {
+	.name		= "Altera SOCFPGA preloader support",
+	.vrec_header	= socfpgaimage_vrec_header,
+	.header_size	= 0, /* This will be modified by vrec_header() */
+	.hdr		= (void *)buffer,
+	.check_image_type = socfpgaimage_check_image_types,
+	.verify_header	= socfpgaimage_verify_header,
+	.print_header	= socfpgaimage_print_header,
+	.set_header	= socfpgaimage_set_header,
+	.check_params	= socfpgaimage_check_params,
+};
+
+void init_socfpga_image_type(void)
+{
+	register_image_type(&socfpgaimage_params);
+}
-- 
1.7.9.5



More information about the U-Boot mailing list