[PATCH RFC 1/9] tools: mkimage: Add Amlogic Boot Image type

Ferass El Hafidi funderscore at postmarketos.org
Wed Sep 10 21:55:56 CEST 2025 

On Wed Sep 10, 2025 at 7:36 PM UTC, Heinrich Schuchardt wrote:
> <...>
>> +static void amlimage_print_header(const void *buf,
>> +				  struct image_tool_params *params)
>> +{
>> +	const struct amlimage_header *hdr = buf + HEADER_OFFSET;
>> +	uint8_t digest[SHA256_SUM_LEN];
>> +	sha256_context ctx;
>> +	bool valid;
>> +
>> +	printf("Amlogic Boot Image %" PRIu8 ".%" PRIu8 "\n",
>> +	       hdr->version_major, hdr->version_minor);
>> +	printf("Total size: %" PRIu32 "\n", hdr->total_size);
>> +	printf("Digest %" PRIu32 ": %" PRIu32 " @ 0x%" PRIx32 "\n",
>> +	       hdr->digest_type, hdr->digest_size, hdr->digest_offset);
>> +	printf("Key %" PRIu32 ": %" PRIu32 " @ 0x%" PRIx32 "\n",
>> +	       hdr->key_type, hdr->key_size, hdr->key_offset);
>> +	printf("Payload %" PRIu32 ": %" PRIu32 " @ 0x%" PRIx32 "\n",
>> +	       hdr->payload_type, hdr->payload_size, hdr->payload_offset);
>> +
>> +	sha256_starts(&ctx);
>
> Please, check the digest type before possibly calculating the wrong digest.
>

As far as I know only 2 digest types are possible, from looking quickly at the
bootROM dump I have:

* SHA256 checksum = normal boot
* RSA signature = secure boot

Secure boot is explicitely not supported in amlimage right now.

>> +	/* Header and data is used as input for sha256 digest */
>> +	sha256_update(&ctx, (void *)hdr, hdr->header_size);
>> +	sha256_update(&ctx, (void *)hdr + hdr->data_offset, hdr->data_size);
>> +	sha256_finish(&ctx, digest);
>> +
>> +	valid = !memcmp((void *)hdr + hdr->digest_offset,
>> +			digest, SHA256_SUM_LEN);
>
> Shouldn't the SHA256 check be in amlimage_verify_header()?
>
>> +
>> +	printf("Data: %" PRIu32 " @ 0x%" PRIx32 " - %s\n",
>> +	       hdr->data_size, hdr->data_offset, valid ? "OK" : "BAD");
>> +}
>> +
>> +static void amlimage_set_header(void *buf, struct stat *sbuf, int ifd,
>> +				struct image_tool_params *params)
>> +{
>> +	struct amlimage_header *hdr = buf + HEADER_OFFSET;
>> +	sha256_context ctx;
>> +
>> +	/* Use header size as initial size */
>> +	hdr->total_size = hdr->header_size;
>> +
>> +	/* Use sha256 digest (normal boot) */
>> +	hdr->digest_type = 0;
>> +	/* The sha256 digest is stored directly following the header */
>> +	hdr->digest_offset = hdr->total_size;
>> +	/* Unknown if this is used as block size instead of digest size */
>> +	hdr->digest_size = 512;
>
> Isn't this simply the SHA512 digest size?
>

As written above, SHA512 does not seem to be supported in the BootROM.

>> +	hdr->total_size += hdr->digest_size;
>> +
>> +	/* Use key as padding so that payload ends up 4K aligned in TZRAM */
>> +	hdr->key_type = 0;
>> +	hdr->key_offset = hdr->total_size;
>> +	hdr->key_size = PAYLOAD_OFFSET - HEADER_OFFSET - hdr->key_offset;
>> +	hdr->total_size += hdr->key_size;
>> +
>> +	/* With padding above payload will have a 0x1000 offset in TZRAM */
>> +	hdr->payload_type = 0;
>> +	hdr->payload_offset = hdr->total_size;
>> +	/* Payload size has already been copied from the variant header */
>> +	hdr->total_size += hdr->payload_size;
>> +
>> +	/* Set the data range to be used as input for sha256 digest */
>> +	hdr->data_offset = hdr->digest_offset + SHA256_SUM_LEN;
>> +	hdr->data_size = hdr->total_size - hdr->data_offset;
>> +
>> +	sha256_starts(&ctx);
>> +	/* Header and data is used as input for sha256 digest */
>> +	sha256_update(&ctx, (void *)hdr, hdr->header_size);
>> +	sha256_update(&ctx, (void *)hdr + hdr->data_offset, hdr->data_size);
>> +	/* Write sha256 digest to the 32 bytes directly following the header */
>> +	sha256_finish(&ctx, (void *)hdr + hdr->digest_offset);
>> +}
>> +
>> +static int amlimage_extract_subimage(void *buf,
>> +				     struct image_tool_params *params)
>> +{
>> +	const struct amlimage_header *hdr = buf + HEADER_OFFSET;
>> +
>> +	/* Save payload as the subimage */
>> +	return imagetool_save_subimage(params->outfile,
>> +				       (ulong)hdr + hdr->payload_offset,
>> +				       hdr->payload_size);
>> +}
>> +
>> +static int amlimage_check_image_type(uint8_t type)
>> +{
>> +	if (type == IH_TYPE_AMLIMAGE)
>> +		return EXIT_SUCCESS;
>
> The image variant should either be checked here or in verify header.
>
> Best regards
>
> Heinrich
>

Thanks.

More information about the U-Boot mailing list