spl: fit: add support for post-processing of images
authorDaniel Allred <d-allred@ti.com>
Mon, 27 Jun 2016 14:19:21 +0000 (09:19 -0500)
committerTom Rini <trini@konsulko.com>
Thu, 14 Jul 2016 22:22:21 +0000 (18:22 -0400)
The next stage boot loader image and the selected FDT can be post-
processed by board/platform/device-specific code, which can include
modifying the size and altering the starting source address before
copying these binary blobs to their final destination. This might be
desired to do things like strip headers or footers attached to the
images before they were packaged into the FIT, or to perform operations
such as decryption or authentication. Introduce new configuration
option CONFIG_SPL_FIT_IMAGE_POST_PROCESS to allow controlling this
feature. If enabled, a platform-specific post-process function must
be provided.

Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Kconfig
common/spl/spl_fit.c
include/image.h

diff --git a/Kconfig b/Kconfig
index 3ceff250321e2d3c50575939f100317369247d49..2afbaaf801ad5117d9e74da99a56bea4c292395a 100644 (file)
--- a/Kconfig
+++ b/Kconfig
@@ -313,6 +313,20 @@ config SPL_LOAD_FIT
          particular it can handle selecting from multiple device tree
          and passing the correct one to U-Boot.
 
+config SPL_FIT_IMAGE_POST_PROCESS
+       bool "Enable post-processing of FIT artifacts after loading by the SPL"
+       depends on SPL_LOAD_FIT && TI_SECURE_DEVICE
+       help
+         Allows doing any sort of manipulation to blobs after they got extracted
+         from the U-Boot FIT image like stripping off headers or modifying the
+         size of the blob, verification, authentication, decryption etc. in a
+         platform or board specific way. In order to use this feature a platform
+         or board-specific implementation of board_fit_image_post_process() must
+         be provided. Also, anything done during this post-processing step would
+         need to be comprehended in how the images were prepared before being
+         injected into the FIT creation (i.e. the blobs would have been pre-
+         processed before being added to the FIT image).
+
 config SYS_CLK_FREQ
        depends on ARC || ARCH_SUNXI
        int "CPU clock frequency"
index 987470896c46d28c00561f5ce8f0b002862e353b..069e94d529b380e19abb3f452ab26dd39cdb2354 100644 (file)
@@ -132,7 +132,7 @@ int spl_load_simple_fit(struct spl_load_info *info, ulong sector, void *fit)
        int data_offset, data_size;
        int base_offset, align_len = ARCH_DMA_MINALIGN - 1;
        int src_sector;
-       void *dst;
+       void *dst, *src;
 
        /*
         * Figure out where the external images start. This is the base for the
@@ -206,8 +206,13 @@ int spl_load_simple_fit(struct spl_load_info *info, ulong sector, void *fit)
                return -EIO;
        debug("image: dst=%p, data_offset=%x, size=%x\n", dst, data_offset,
              data_size);
-       memcpy(dst, dst + get_aligned_image_overhead(info, data_offset),
-              data_size);
+       src = dst + get_aligned_image_overhead(info, data_offset);
+
+#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS
+       board_fit_image_post_process((void **)&src, (size_t *)&data_size);
+#endif
+
+       memcpy(dst, src, data_size);
 
        /* Figure out which device tree the board wants to use */
        fdt_len = spl_fit_select_fdt(fit, images, &fdt_offset);
@@ -236,8 +241,14 @@ int spl_load_simple_fit(struct spl_load_info *info, ulong sector, void *fit)
         */
        debug("fdt: dst=%p, data_offset=%x, size=%x\n", dst, fdt_offset,
              fdt_len);
-       memcpy(load_ptr + data_size,
-              dst + get_aligned_image_overhead(info, fdt_offset), fdt_len);
+       src = dst + get_aligned_image_overhead(info, fdt_offset);
+       dst = load_ptr + data_size;
+
+#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS
+       board_fit_image_post_process((void **)&src, (size_t *)&fdt_len);
+#endif
+
+       memcpy(dst, src, fdt_len);
 
        return 0;
 }
index d788c260e30aeebd345bd65fb7144d1cf5c8cdb8..93d39e12e106c54b697411028036fa17279402e3 100644 (file)
@@ -1173,4 +1173,21 @@ void android_print_contents(const struct andr_img_hdr *hdr);
  */
 int board_fit_config_name_match(const char *name);
 
+#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS
+/**
+ * board_fit_image_post_process() - Do any post-process on FIT binary data
+ *
+ * This is used to do any sort of image manipulation, verification, decryption
+ * etc. in a platform or board specific way. Obviously, anything done here would
+ * need to be comprehended in how the images were prepared before being injected
+ * into the FIT creation (i.e. the binary blobs would have been pre-processed
+ * before being added to the FIT image).
+ *
+ * @image: pointer to the image start pointer
+ * @size: pointer to the image size
+ * @return no return value (failure should be handled internally)
+ */
+void board_fit_image_post_process(void **p_image, size_t *p_size);
+#endif /* CONFIG_SPL_FIT_IMAGE_POST_PROCESS */
+
 #endif /* __IMAGE_H__ */