From eba3fbd6a12b1c4a75c24135535075f0d0fb8074 Mon Sep 17 00:00:00 2001 From: Andreas Dannenberg Date: Wed, 27 Jul 2016 12:12:39 -0500 Subject: [PATCH] common: image: Add support for post-processing of images This commit allows injecting a board/platform/device-specific post- processing function into the FIT image data loading process, which can include modifying the size and altering the starting source address of an image data artifact. This might be desired to do things like strip headers or footers attached to the images before they were packaged into the FIT, or to perform operations such as decryption or authentication. Introduce new configuration option CONFIG_FIT_IMAGE_POST_PROCESS to allow controlling this feature. If enabled, a platform-specific post- process function must be provided. Signed-off-by: Andreas Dannenberg Reviewed-by: Tom Rini Reviewed-by: Simon Glass --- Kconfig | 14 ++++++++++++++ common/image-fit.c | 26 +++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/Kconfig b/Kconfig index 1119b19..cb5af5b 100644 --- a/Kconfig +++ b/Kconfig @@ -344,6 +344,20 @@ config SPL_FIT_IMAGE_POST_PROCESS injected into the FIT creation (i.e. the blobs would have been pre- processed before being added to the FIT image). +config FIT_IMAGE_POST_PROCESS + bool "Enable post-processing of FIT artifacts after loading by U-Boot" + depends on FIT && TI_SECURE_DEVICE + help + Allows doing any sort of manipulation to blobs after they got extracted + from FIT images like stripping off headers or modifying the size of the + blob, verification, authentication, decryption etc. in a platform or + board specific way. In order to use this feature a platform or board- + specific implementation of board_fit_image_post_process() must be + provided. Also, anything done during this post-processing step would + need to be comprehended in how the images were prepared before being + injected into the FIT creation (i.e. the blobs would have been pre- + processed before being added to the FIT image). + config SYS_CLK_FREQ depends on ARC || ARCH_SUNXI int "CPU clock frequency" diff --git a/common/image-fit.c b/common/image-fit.c index 73ad34e..d8d4e95 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -11,9 +11,9 @@ #ifdef USE_HOSTCC #include "mkimage.h" -#include #include #else +#include #include #include #include @@ -21,6 +21,7 @@ DECLARE_GLOBAL_DATA_PTR; #endif /* !USE_HOSTCC*/ +#include #include #include #include @@ -1507,6 +1508,12 @@ void fit_conf_print(const void *fit, int noffset, const char *p) static int fit_image_select(const void *fit, int rd_noffset, int verify) { +#if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS) + const void *data; + size_t size; + int ret; +#endif + fit_image_print(fit, rd_noffset, " "); if (verify) { @@ -1518,6 +1525,23 @@ static int fit_image_select(const void *fit, int rd_noffset, int verify) puts("OK\n"); } +#if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS) + ret = fit_image_get_data(fit, rd_noffset, &data, &size); + if (ret) + return ret; + + /* perform any post-processing on the image data */ + board_fit_image_post_process((void **)&data, &size); + + /* + * update U-Boot's understanding of the "data" property start address + * and size according to the performed post-processing + */ + ret = fdt_setprop((void *)fit, rd_noffset, FIT_DATA_PROP, data, size); + if (ret) + return ret; +#endif + return 0; }