Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-05-05 19:24:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

spl: implement CRC check on U-Boot uImage

Browse source 
SPL currently does not check uImage CRCs when loading U-Boot.

This patch adds checking the uImage CRC when SPL loads U-Boot. It does
this by reusing the existing config option SPL_CRC32_SUPPORT to allow
leaving out the CRC check on boards where the additional code size or
boot time is a problem (adding the CRC check currently adds ~1.4 kByte
to flash).

The SPL_CRC32_SUPPORT config option now gets enabled by default if SPL
support for legacy images is enabled to check the CRC on all boards
that don't actively take countermeasures.

Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Simon Goldschmidt 2019-02-10 21:34:37 +01:00 committed by Tom Rini
parent 8502fe84a4
commit dae5c2dcdc
3 changed files with 50 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
common/spl/Kconfig
View file

@ -100,6 +100,16 @@ config SPL_LEGACY_IMAGE_SUPPORT
is y. If this is not set, SPL will move on to other available is y. If this is not set, SPL will move on to other available
boot media to find a suitable image. boot media to find a suitable image.
config SPL_LEGACY_IMAGE_CRC_CHECK
bool "Check CRC of Legacy images"
depends on SPL_LEGACY_IMAGE_SUPPORT
select SPL_CRC32_SUPPORT
help
Enable this to check the CRC of Legacy images. While this increases
reliability, it affects both code size and boot duration.
If disabled, Legacy images are booted if the image magic and size
are correct, without further integrity checks.
config SPL_SYS_MALLOC_SIMPLE config SPL_SYS_MALLOC_SIMPLE
bool bool
prompt "Only use malloc_simple functions in the SPL" prompt "Only use malloc_simple functions in the SPL"
@ -236,13 +246,13 @@ config SYS_MMCSD_RAW_MODE_U_BOOT_PARTITION_TYPE
config SPL_CRC32_SUPPORT config SPL_CRC32_SUPPORT
bool "Support CRC32" bool "Support CRC32"
depends on SPL_FIT default y if SPL_LEGACY_IMAGE_SUPPORT
help help
Enable this to support CRC32 in FIT images within SPL. This is a Enable this to support CRC32 in uImages or FIT images within SPL.
32-bit checksum value that can be used to verify images. This is This is a 32-bit checksum value that can be used to verify images.
the least secure type of checksum, suitable for detected For FIT images, this is the least secure type of checksum, suitable
accidental image corruption. For secure applications you should for detected accidental image corruption. For secure applications you
consider SHA1 or SHA256. should consider SHA1 or SHA256.
config SPL_MD5_SUPPORT config SPL_MD5_SUPPORT
bool "Support MD5" bool "Support MD5"

30
common/spl/spl.c
View file

@ -239,6 +239,14 @@ int spl_parse_image_header(struct spl_image_info *spl_image,
#ifdef CONFIG_SPL_LEGACY_IMAGE_SUPPORT #ifdef CONFIG_SPL_LEGACY_IMAGE_SUPPORT
u32 header_size = sizeof(struct image_header); u32 header_size = sizeof(struct image_header);
#ifdef CONFIG_SPL_LEGACY_IMAGE_CRC_CHECK
/* check uImage header CRC */
if (!image_check_hcrc(header)) {
puts("SPL: Image header CRC check failed!\n");
return -EINVAL;
}
#endif
if (spl_image->flags & SPL_COPY_PAYLOAD_ONLY) { if (spl_image->flags & SPL_COPY_PAYLOAD_ONLY) {
/* /*
* On some system (e.g. powerpc), the load-address and * On some system (e.g. powerpc), the load-address and
@ -256,6 +264,13 @@ int spl_parse_image_header(struct spl_image_info *spl_image,
spl_image->size = image_get_data_size(header) + spl_image->size = image_get_data_size(header) +
header_size; header_size;
} }
#ifdef CONFIG_SPL_LEGACY_IMAGE_CRC_CHECK
/* store uImage data length and CRC to check later */
spl_image->dcrc_data = image_get_load(header);
spl_image->dcrc_length = image_get_data_size(header);
spl_image->dcrc = image_get_dcrc(header);
#endif
spl_image->os = image_get_os(header); spl_image->os = image_get_os(header);
spl_image->name = image_get_name(header); spl_image->name = image_get_name(header);
debug(SPL_TPL_PROMPT debug(SPL_TPL_PROMPT
@ -495,12 +510,25 @@ static struct spl_image_loader *spl_ll_find_loader(uint boot_device)
static int spl_load_image(struct spl_image_info *spl_image, static int spl_load_image(struct spl_image_info *spl_image,
struct spl_image_loader *loader) struct spl_image_loader *loader)
{ {
int ret;
struct spl_boot_device bootdev; struct spl_boot_device bootdev;
bootdev.boot_device = loader->boot_device; bootdev.boot_device = loader->boot_device;
bootdev.boot_device_name = NULL; bootdev.boot_device_name = NULL;
return loader->load_image(spl_image, &bootdev); ret = loader->load_image(spl_image, &bootdev);
#ifdef CONFIG_SPL_LEGACY_IMAGE_CRC_CHECK
if (!ret && spl_image->dcrc_length) {
/* check data crc */
ulong dcrc = crc32_wd(0, (unsigned char *)spl_image->dcrc_data,
spl_image->dcrc_length, CHUNKSZ_CRC32);
if (dcrc != spl_image->dcrc) {
puts("SPL: Image data CRC check failed!\n");
ret = -EINVAL;
}
}
#endif
return ret;
} }
/** /**

5
include/spl.h
View file

@ -74,6 +74,11 @@ struct spl_image_info {
u32 size; u32 size;
u32 flags; u32 flags;
void *arg; void *arg;
#ifdef CONFIG_SPL_LEGACY_IMAGE_CRC_CHECK
ulong dcrc_data;
ulong dcrc_length;
ulong dcrc;
#endif
}; };
/* /*