[U-Boot] [PATCH v2 0/14] Enhance fit_check_sign add beaglebone black vboot docs

[U-Boot] [PATCH v2 0/14] Enhance fit_check_sign add beaglebone black vboot docs

[Simon Glass]

The fit_check_sign tool checks that the configuration is correct, but does
not check each image within that configuration. This series adds that
feature, at least for uncompressed images.

In order to arrange this, cmd_bootm.c is split up into three files, one for
the command processing, one for the OS booting and one for the general
bootm processing. Apart from reducing the size of an over-large C file, this
makes it easier to include what is needed for host compilation. As part of
this, Android boot is enabled for sandbox in case someone wants to write
a test for it.

Several people have had difficulty getting verified boot running on their
board with the instructions available. Following on from the previous series
which enabled verified boot on the Beaglebone Black, documentation is added
with a step-by-step guide on how to get this running.

(A few tidy-up patches have been added as requested based on comments on the
beaglebone vboot enablement series)

This series is available at u-boot-x86.git branch 'bone'.

Changes in v2:
- Add update patch to correct and expand -ENOSPC error handling
- Update test output in signature.txt

Simon Glass (14):
  hash: Use uint8_t in preference to u8
  mkimage: Automatically expand FDT in more cases
  fdt: Rename the DEV_TREE_BIN Makefile flag to to EXT_DTB
  tools: Check arguments in fit_check_sign/fit_info
  Reverse the meaning of the fit_config_verify() return code
  bootm: Split out code from cmd_bootm.c
  image: Remove the fit_load_image() property parameter
  bootm: Support android boot on sandbox
  Fix small 'case' typo in image-fit.c
  Avoid including config.h in command.h
  Allow compiling common/bootm.c on with HOSTCC
  bootm: Move decompression code into its own function
  Enhance fit_check_sign to check all images
  Add documentation for verified boot on Beaglebone Black

 Makefile                            |    2 +-
 common/Makefile                     |    2 +-
 common/bootm.c                      |  913 ++++++++++++++++++++++++
 common/bootm_os.c                   |  480 +++++++++++++
 common/cmd_bootm.c                  | 1345 +----------------------------------
 common/cmd_fdt.c                    |    2 +-
 common/hash.c                       |   12 +-
 common/image-fdt.c                  |    1 -
 common/image-fit.c                  |   36 +-
 common/image-sig.c                  |    4 +-
 common/image.c                      |    2 +-
 doc/README.fdt-control              |    4 +-
 doc/uImage.FIT/beaglebone_vboot.txt |  608 ++++++++++++++++
 doc/uImage.FIT/signature.txt        |    3 +
 dts/Makefile                        |    4 +-
 include/bootm.h                     |   57 ++
 include/command.h                   |    1 -
 include/configs/sandbox.h           |    1 +
 include/hash.h                      |    3 +-
 include/image.h                     |   10 +-
 lib/rsa/rsa-sign.c                  |   27 +-
 tools/Makefile                      |    1 +
 tools/fit_check_sign.c              |   17 +-
 tools/fit_info.c                    |   12 +
 tools/image-host.c                  |   16 +-
 25 files changed, 2184 insertions(+), 1379 deletions(-)
 create mode 100644 common/bootm.c
 create mode 100644 common/bootm_os.c
 create mode 100644 doc/uImage.FIT/beaglebone_vboot.txt
 create mode 100644 include/bootm.h

-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 01/14] hash: Use uint8_t in preference to u8

[Simon Glass]

This type is more readily available on the host compiler, so use it instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 common/hash.c  | 12 ++++++------
 include/hash.h |  3 ++-
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/common/hash.c b/common/hash.c
index 237bd04..3d95378 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -187,7 +187,7 @@ static struct hash_algo hash_algo[] = {
  * @allow_env_vars:	non-zero to permit storing the result to an
  *			variable environment
  */
-static void store_result(struct hash_algo *algo, const u8 *sum,
+static void store_result(struct hash_algo *algo, const uint8_t *sum,
 			 const char *dest, int allow_env_vars)
 {
 	unsigned int i;
@@ -243,8 +243,8 @@ static void store_result(struct hash_algo *algo, const u8 *sum,
  *			address, and the * prefix is not expected.
  * @return 0 if ok, non-zero on error
  */
-static int parse_verify_sum(struct hash_algo *algo, char *verify_str, u8 *vsum,
-			    int allow_env_vars)
+static int parse_verify_sum(struct hash_algo *algo, char *verify_str,
+			    uint8_t *vsum, int allow_env_vars)
 {
 	int env_var = 0;
 
@@ -311,7 +311,7 @@ int hash_lookup_algo(const char *algo_name, struct hash_algo **algop)
 	return -EPROTONOSUPPORT;
 }
 
-void hash_show(struct hash_algo *algo, ulong addr, ulong len, u8 *output)
+void hash_show(struct hash_algo *algo, ulong addr, ulong len, uint8_t *output)
 {
 	int i;
 
@@ -355,8 +355,8 @@ int hash_command(const char *algo_name, int flags, cmd_tbl_t *cmdtp, int flag,
 
 	if (multi_hash()) {
 		struct hash_algo *algo;
-		u8 output[HASH_MAX_DIGEST_SIZE];
-		u8 vsum[HASH_MAX_DIGEST_SIZE];
+		uint8_t output[HASH_MAX_DIGEST_SIZE];
+		uint8_t vsum[HASH_MAX_DIGEST_SIZE];
 		void *buf;
 
 		if (hash_lookup_algo(algo_name, &algo)) {
diff --git a/include/hash.h b/include/hash.h
index 5cb4dbf..d8ec4f0 100644
--- a/include/hash.h
+++ b/include/hash.h
@@ -139,6 +139,7 @@ int hash_lookup_algo(const char *algo_name, struct hash_algo **algop);
  * @len:		Length of data that was hashed
  * @output:		Hash value to display
  */
-void hash_show(struct hash_algo *algo, ulong addr, ulong len, u8 *output);
+void hash_show(struct hash_algo *algo, ulong addr, ulong len,
+	       uint8_t *output);
 #endif /* !USE_HOSTCC */
 #endif
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 02/14] mkimage: Automatically expand FDT in more cases

[Simon Glass]

The original code did not cover every case and there was a missing negative
sign in one case. Expand the coverage and fix the bug.

Signed-off-by: Simon Glass <sjg@chromium.org>
mkimage: Automatically make space in FDT when full

When adding hashes or signatures, the target FDT may be full. Detect this
and automatically try again after making 1KB of space.

---

Changes in v2:
- Add update patch to correct and expand -ENOSPC error handling

 lib/rsa/rsa-sign.c | 27 ++++++++++++++++++---------
 tools/image-host.c |  4 +++-
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 48f3197..83f5e87 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -405,11 +405,15 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
 	if (parent == -FDT_ERR_NOTFOUND) {
 		parent = fdt_add_subnode(keydest, 0, FIT_SIG_NODENAME);
 		if (parent < 0) {
-			fprintf(stderr, "Couldn't create signature node: %s\n",
-				fdt_strerror(parent));
-			return -EINVAL;
+			ret = parent;
+			if (ret != -FDT_ERR_NOSPACE) {
+				fprintf(stderr, "Couldn't create signature node: %s\n",
+					fdt_strerror(parent));
+			}
 		}
 	}
+	if (ret)
+		goto done;
 
 	/* Either create or overwrite the named key node */
 	snprintf(name, sizeof(name), "key-%s", info->keyname);
@@ -417,18 +421,22 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
 	if (node == -FDT_ERR_NOTFOUND) {
 		node = fdt_add_subnode(keydest, parent, name);
 		if (node < 0) {
-			fprintf(stderr, "Could not create key subnode: %s\n",
-				fdt_strerror(node));
-			return -EINVAL;
+			ret = node;
+			if (ret != -FDT_ERR_NOSPACE) {
+				fprintf(stderr, "Could not create key subnode: %s\n",
+					fdt_strerror(node));
+			}
 		}
 	} else if (node < 0) {
 		fprintf(stderr, "Cannot select keys parent: %s\n",
 			fdt_strerror(node));
-		return -ENOSPC;
+		ret = node;
 	}
 
-	ret = fdt_setprop_string(keydest, node, "key-name-hint",
+	if (!ret) {
+		ret = fdt_setprop_string(keydest, node, "key-name-hint",
 				 info->keyname);
+	}
 	if (!ret)
 		ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
 	if (!ret)
@@ -449,10 +457,11 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
 		ret = fdt_setprop_string(keydest, node, "required",
 					 info->require_keys);
 	}
+done:
 	BN_free(modulus);
 	BN_free(r_squared);
 	if (ret)
-		return ret == FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
+		return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
 
 	return 0;
 }
diff --git a/tools/image-host.c b/tools/image-host.c
index 2be5e80..faeef66 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -609,11 +609,13 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
 	/* Write the public key into the supplied FDT file */
 	if (keydest) {
 		ret = info.algo->add_verify_data(&info, keydest);
+		if (ret == -ENOSPC)
+			return -ENOSPC;
 		if (ret) {
 			printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
 			       node_name, conf_name);
-			return ret == FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
 		}
+		return ret;
 	}
 
 	return 0;
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 03/14] fdt: Rename the DEV_TREE_BIN Makefile flag to to EXT_DTB

[Simon Glass]

This seems like a better name. This is a patch-up to the earlier commit
63b4b5b, and also removes a redundant Makefile change.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 Makefile               | 2 +-
 doc/README.fdt-control | 4 ++--
 dts/Makefile           | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Makefile b/Makefile
index 24d9687..8436fda 100644
--- a/Makefile
+++ b/Makefile
@@ -832,7 +832,7 @@ MKIMAGEFLAGS_u-boot.kwb = -n $(srctree)/$(CONFIG_SYS_KWD_CONFIG:"%"=%) \
 MKIMAGEFLAGS_u-boot.pbl = -n $(srctree)/$(CONFIG_SYS_FSL_PBL_RCW:"%"=%) \
 		-R $(srctree)/$(CONFIG_SYS_FSL_PBL_PBI:"%"=%) -T pblimage
 
-u-boot.img u-boot.kwb u-boot.pbl: u-boot$(if $(CONFIG_OF_SEPARATE),-dtb,).bin FORCE
+u-boot.img u-boot.kwb u-boot.pbl: u-boot.bin FORCE
 	$(call if_changed,mkimage)
 
 MKIMAGEFLAGS_u-boot-dtb.img = $(MKIMAGEFLAGS_u-boot.img)
diff --git a/doc/README.fdt-control b/doc/README.fdt-control
index be92d7a..d8fe4a8 100644
--- a/doc/README.fdt-control
+++ b/doc/README.fdt-control
@@ -143,9 +143,9 @@ specify the file to read.
 You cannot use more than one of these options at the same time.
 
 To use a device tree file that you have compiled yourself, pass
-DEV_TREE_BIN=<filename> to 'make', as in:
+EXT_DTB=<filename> to 'make', as in:
 
-	make DEV_TREE_BIN=boot/am335x-boneblack-pubkey.dtb
+	make EXT_DTB=boot/am335x-boneblack-pubkey.dtb
 
 Then U-Boot will copy that file to u-boot.dtb, put it in the .img file
 if used, and u-boot-dtb.bin.
diff --git a/dts/Makefile b/dts/Makefile
index f344efe..d3122aa 100644
--- a/dts/Makefile
+++ b/dts/Makefile
@@ -12,8 +12,8 @@ ifeq ($(DEVICE_TREE),)
 DEVICE_TREE := unset
 endif
 
-ifneq ($(DEV_TREE_BIN),)
-DTB := $(DEV_TREE_BIN)
+ifneq ($(EXT_DTB),)
+DTB := $(EXT_DTB)
 else
 DTB := arch/$(ARCH)/dts/$(DEVICE_TREE).dtb
 endif
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 04/14] tools: Check arguments in fit_check_sign/fit_info

[Simon Glass]

These tools crash if no arguments are provided. Add checks to avoid this.


Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de>
---

Changes in v2: None

 tools/fit_check_sign.c |  9 +++++++++
 tools/fit_info.c       | 12 ++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index af257cc..e1198bc 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -62,6 +62,15 @@ int main(int argc, char **argv)
 			break;
 	}
 
+	if (!fdtfile) {
+		fprintf(stderr, "%s: Missing fdt file\n", *argv);
+		usage(*argv);
+	}
+	if (!keyfile) {
+		fprintf(stderr, "%s: Missing key file\n", *argv);
+		usage(*argv);
+	}
+
 	ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false);
 	if (ffd < 0)
 		return EXIT_FAILURE;
diff --git a/tools/fit_info.c b/tools/fit_info.c
index afbed7b..481ac6d 100644
--- a/tools/fit_info.c
+++ b/tools/fit_info.c
@@ -68,6 +68,18 @@ int main(int argc, char **argv)
 			break;
 		}
 
+	if (!fdtfile) {
+		fprintf(stderr, "%s: Missing fdt file\n", *argv);
+		usage(*argv);
+	}
+	if (!nodename) {
+		fprintf(stderr, "%s: Missing node name\n", *argv);
+		usage(*argv);
+	}
+	if (!propertyname) {
+		fprintf(stderr, "%s: Missing property name\n", *argv);
+		usage(*argv);
+	}
 	ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false);
 
 	if (ffd < 0) {
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 05/14] Reverse the meaning of the fit_config_verify() return code

[Simon Glass]

It is more common to have 0 mean OK, and -ve mean error. Change this
function to work the same way to avoid confusion.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 common/cmd_fdt.c       | 2 +-
 common/image-fit.c     | 2 +-
 common/image-sig.c     | 4 ++--
 tools/fit_check_sign.c | 3 +--
 4 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/common/cmd_fdt.c b/common/cmd_fdt.c
index a6744ed..f2ad2a3 100644
--- a/common/cmd_fdt.c
+++ b/common/cmd_fdt.c
@@ -612,7 +612,7 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 		}
 
 		ret = fit_config_verify(working_fdt, cfg_noffset);
-		if (ret == 1)
+		if (ret == 0)
 			return CMD_RET_SUCCESS;
 		else
 			return CMD_RET_FAILURE;
diff --git a/common/image-fit.c b/common/image-fit.c
index 732505a..40c7e27 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1534,7 +1534,7 @@ int fit_image_load(bootm_headers_t *images, const char *prop_name, ulong addr,
 			images->fit_uname_cfg = fit_uname_config;
 			if (IMAGE_ENABLE_VERIFY && images->verify) {
 				puts("   Verifying Hash Integrity ... ");
-				if (!fit_config_verify(fit, cfg_noffset)) {
+				if (fit_config_verify(fit, cfg_noffset)) {
 					puts("Bad Data Hash\n");
 					bootstage_error(bootstage_id +
 						BOOTSTAGE_SUB_HASH);
diff --git a/common/image-sig.c b/common/image-sig.c
index 72284eb..48788f9 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -467,6 +467,6 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
 
 int fit_config_verify(const void *fit, int conf_noffset)
 {
-	return !fit_config_verify_required_sigs(fit, conf_noffset,
-						gd_fdt_blob());
+	return fit_config_verify_required_sigs(fit, conf_noffset,
+					       gd_fdt_blob());
 }
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index e1198bc..768be2f 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -80,8 +80,7 @@ int main(int argc, char **argv)
 
 	image_set_host_blob(key_blob);
 	ret = fit_check_sign(fit_blob, key_blob);
-
-	if (ret)
+	if (!ret)
 		ret = EXIT_SUCCESS;
 	else
 		ret = EXIT_FAILURE;
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 06/14] bootm: Split out code from cmd_bootm.c

[Simon Glass]

This file has code in three different categories:
- Command processing
- OS-specific boot code
- Locating images and setting up to boot

Only the first category really belongs in a file called cmd_bootm.c.

Leave the command processing code where it is. Split out the OS-specific
boot code into bootm_os.c. Split out the other code into bootm.c

Header files and extern declarations are tidied but otherwise no code
changes are made, to make it easier to review.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 common/Makefile    |    2 +-
 common/bootm.c     |  812 +++++++++++++++++++++++++++++++
 common/bootm_os.c  |  480 +++++++++++++++++++
 common/cmd_bootm.c | 1345 +---------------------------------------------------
 include/bootm.h    |   55 +++
 5 files changed, 1356 insertions(+), 1338 deletions(-)
 create mode 100644 common/bootm.c
 create mode 100644 common/bootm_os.c
 create mode 100644 include/bootm.h

diff --git a/common/Makefile b/common/Makefile
index 391a8d6..f6cd980 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -40,7 +40,7 @@ obj-$(CONFIG_SYS_GENERIC_BOARD) += board_r.o
 
 # core command
 obj-y += cmd_boot.o
-obj-$(CONFIG_CMD_BOOTM) += cmd_bootm.o
+obj-$(CONFIG_CMD_BOOTM) += cmd_bootm.o bootm.o bootm_os.o
 obj-y += cmd_help.o
 obj-y += cmd_version.o
 
diff --git a/common/bootm.c b/common/bootm.c
new file mode 100644
index 0000000..27a7f02
--- /dev/null
+++ b/common/bootm.c
@@ -0,0 +1,812 @@
+/*
+ * (C) Copyright 2000-2009
+ * Wolfgang Denk, DENX Software Engineering, wd at denx.de.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#include <common.h>
+#include <bootm.h>
+#include <bzlib.h>
+#include <image.h>
+#include <fdt_support.h>
+#include <lmb.h>
+#include <malloc.h>
+#include <asm/io.h>
+#include <linux/lzo.h>
+#include <lzma/LzmaTypes.h>
+#include <lzma/LzmaDec.h>
+#include <lzma/LzmaTools.h>
+
+#if defined(CONFIG_CMD_USB)
+#include <usb.h>
+#endif
+
+DECLARE_GLOBAL_DATA_PTR;
+
+#ifndef CONFIG_SYS_BOOTM_LEN
+/* use 8MByte as default max gunzip size */
+#define CONFIG_SYS_BOOTM_LEN	0x800000
+#endif
+
+#define IH_INITRD_ARCH IH_ARCH_DEFAULT
+
+static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
+				   char * const argv[], bootm_headers_t *images,
+				   ulong *os_data, ulong *os_len);
+
+#ifdef CONFIG_LMB
+static void boot_start_lmb(bootm_headers_t *images)
+{
+	ulong		mem_start;
+	phys_size_t	mem_size;
+
+	lmb_init(&images->lmb);
+
+	mem_start = getenv_bootm_low();
+	mem_size = getenv_bootm_size();
+
+	lmb_add(&images->lmb, (phys_addr_t)mem_start, mem_size);
+
+	arch_lmb_reserve(&images->lmb);
+	board_lmb_reserve(&images->lmb);
+}
+#else
+#define lmb_reserve(lmb, base, size)
+static inline void boot_start_lmb(bootm_headers_t *images) { }
+#endif
+
+static int bootm_start(cmd_tbl_t *cmdtp, int flag, int argc,
+		       char * const argv[])
+{
+	memset((void *)&images, 0, sizeof(images));
+	images.verify = getenv_yesno("verify");
+
+	boot_start_lmb(&images);
+
+	bootstage_mark_name(BOOTSTAGE_ID_BOOTM_START, "bootm_start");
+	images.state = BOOTM_STATE_START;
+
+	return 0;
+}
+
+static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc,
+			 char * const argv[])
+{
+	const void *os_hdr;
+	bool ep_found = false;
+
+	/* get kernel image header, start address and length */
+	os_hdr = boot_get_kernel(cmdtp, flag, argc, argv,
+			&images, &images.os.image_start, &images.os.image_len);
+	if (images.os.image_len == 0) {
+		puts("ERROR: can't get kernel image!\n");
+		return 1;
+	}
+
+	/* get image parameters */
+	switch (genimg_get_format(os_hdr)) {
+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
+	case IMAGE_FORMAT_LEGACY:
+		images.os.type = image_get_type(os_hdr);
+		images.os.comp = image_get_comp(os_hdr);
+		images.os.os = image_get_os(os_hdr);
+
+		images.os.end = image_get_image_end(os_hdr);
+		images.os.load = image_get_load(os_hdr);
+		break;
+#endif
+#if defined(CONFIG_FIT)
+	case IMAGE_FORMAT_FIT:
+		if (fit_image_get_type(images.fit_hdr_os,
+				       images.fit_noffset_os,
+				       &images.os.type)) {
+			puts("Can't get image type!\n");
+			bootstage_error(BOOTSTAGE_ID_FIT_TYPE);
+			return 1;
+		}
+
+		if (fit_image_get_comp(images.fit_hdr_os,
+				       images.fit_noffset_os,
+				       &images.os.comp)) {
+			puts("Can't get image compression!\n");
+			bootstage_error(BOOTSTAGE_ID_FIT_COMPRESSION);
+			return 1;
+		}
+
+		if (fit_image_get_os(images.fit_hdr_os, images.fit_noffset_os,
+				     &images.os.os)) {
+			puts("Can't get image OS!\n");
+			bootstage_error(BOOTSTAGE_ID_FIT_OS);
+			return 1;
+		}
+
+		images.os.end = fit_get_end(images.fit_hdr_os);
+
+		if (fit_image_get_load(images.fit_hdr_os, images.fit_noffset_os,
+				       &images.os.load)) {
+			puts("Can't get image load address!\n");
+			bootstage_error(BOOTSTAGE_ID_FIT_LOADADDR);
+			return 1;
+		}
+		break;
+#endif
+#ifdef CONFIG_ANDROID_BOOT_IMAGE
+	case IMAGE_FORMAT_ANDROID:
+		images.os.type = IH_TYPE_KERNEL;
+		images.os.comp = IH_COMP_NONE;
+		images.os.os = IH_OS_LINUX;
+		images.ep = images.os.load;
+		ep_found = true;
+
+		images.os.end = android_image_get_end(os_hdr);
+		images.os.load = android_image_get_kload(os_hdr);
+		break;
+#endif
+	default:
+		puts("ERROR: unknown image format type!\n");
+		return 1;
+	}
+
+	/* find kernel entry point */
+	if (images.legacy_hdr_valid) {
+		images.ep = image_get_ep(&images.legacy_hdr_os_copy);
+#if defined(CONFIG_FIT)
+	} else if (images.fit_uname_os) {
+		int ret;
+
+		ret = fit_image_get_entry(images.fit_hdr_os,
+					  images.fit_noffset_os, &images.ep);
+		if (ret) {
+			puts("Can't get entry point property!\n");
+			return 1;
+		}
+#endif
+	} else if (!ep_found) {
+		puts("Could not find kernel entry point!\n");
+		return 1;
+	}
+
+	if (images.os.type == IH_TYPE_KERNEL_NOLOAD) {
+		images.os.load = images.os.image_start;
+		images.ep += images.os.load;
+	}
+
+	images.os.start = (ulong)os_hdr;
+
+	return 0;
+}
+
+static int bootm_find_ramdisk(int flag, int argc, char * const argv[])
+{
+	int ret;
+
+	/* find ramdisk */
+	ret = boot_get_ramdisk(argc, argv, &images, IH_INITRD_ARCH,
+			       &images.rd_start, &images.rd_end);
+	if (ret) {
+		puts("Ramdisk image is corrupt or invalid\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+#if defined(CONFIG_OF_LIBFDT)
+static int bootm_find_fdt(int flag, int argc, char * const argv[])
+{
+	int ret;
+
+	/* find flattened device tree */
+	ret = boot_get_fdt(flag, argc, argv, IH_ARCH_DEFAULT, &images,
+			   &images.ft_addr, &images.ft_len);
+	if (ret) {
+		puts("Could not find a valid device tree\n");
+		return 1;
+	}
+
+	set_working_fdt_addr(images.ft_addr);
+
+	return 0;
+}
+#endif
+
+int bootm_find_ramdisk_fdt(int flag, int argc, char * const argv[])
+{
+	if (bootm_find_ramdisk(flag, argc, argv))
+		return 1;
+
+#if defined(CONFIG_OF_LIBFDT)
+	if (bootm_find_fdt(flag, argc, argv))
+		return 1;
+#endif
+
+	return 0;
+}
+
+static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
+			    char * const argv[])
+{
+	if (((images.os.type == IH_TYPE_KERNEL) ||
+	     (images.os.type == IH_TYPE_KERNEL_NOLOAD) ||
+	     (images.os.type == IH_TYPE_MULTI)) &&
+	    (images.os.os == IH_OS_LINUX ||
+		 images.os.os == IH_OS_VXWORKS))
+		return bootm_find_ramdisk_fdt(flag, argc, argv);
+
+	return 0;
+}
+
+static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
+			 int boot_progress)
+{
+	image_info_t os = images->os;
+	uint8_t comp = os.comp;
+	ulong load = os.load;
+	ulong blob_start = os.start;
+	ulong blob_end = os.end;
+	ulong image_start = os.image_start;
+	ulong image_len = os.image_len;
+	__maybe_unused uint unc_len = CONFIG_SYS_BOOTM_LEN;
+	int no_overlap = 0;
+	void *load_buf, *image_buf;
+#if defined(CONFIG_LZMA) || defined(CONFIG_LZO)
+	int ret;
+#endif /* defined(CONFIG_LZMA) || defined(CONFIG_LZO) */
+
+	const char *type_name = genimg_get_type_name(os.type);
+
+	load_buf = map_sysmem(load, unc_len);
+	image_buf = map_sysmem(image_start, image_len);
+	switch (comp) {
+	case IH_COMP_NONE:
+		if (load == image_start) {
+			printf("   XIP %s ... ", type_name);
+			no_overlap = 1;
+		} else {
+			printf("   Loading %s ... ", type_name);
+			memmove_wd(load_buf, image_buf, image_len, CHUNKSZ);
+		}
+		*load_end = load + image_len;
+		break;
+#ifdef CONFIG_GZIP
+	case IH_COMP_GZIP:
+		printf("   Uncompressing %s ... ", type_name);
+		if (gunzip(load_buf, unc_len, image_buf, &image_len) != 0) {
+			puts("GUNZIP: uncompress, out-of-mem or overwrite error - must RESET board to recover\n");
+			if (boot_progress)
+				bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
+			return BOOTM_ERR_RESET;
+		}
+
+		*load_end = load + image_len;
+		break;
+#endif /* CONFIG_GZIP */
+#ifdef CONFIG_BZIP2
+	case IH_COMP_BZIP2:
+		printf("   Uncompressing %s ... ", type_name);
+		/*
+		 * If we've got less than 4 MB of malloc() space,
+		 * use slower decompression algorithm which requires
+		 * at most 2300 KB of memory.
+		 */
+		int i = BZ2_bzBuffToBuffDecompress(load_buf, &unc_len,
+			image_buf, image_len,
+			CONFIG_SYS_MALLOC_LEN < (4096 * 1024), 0);
+		if (i != BZ_OK) {
+			printf("BUNZIP2: uncompress or overwrite error %d - must RESET board to recover\n",
+			       i);
+			if (boot_progress)
+				bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
+			return BOOTM_ERR_RESET;
+		}
+
+		*load_end = load + unc_len;
+		break;
+#endif /* CONFIG_BZIP2 */
+#ifdef CONFIG_LZMA
+	case IH_COMP_LZMA: {
+		SizeT lzma_len = unc_len;
+		printf("   Uncompressing %s ... ", type_name);
+
+		ret = lzmaBuffToBuffDecompress(load_buf, &lzma_len,
+					       image_buf, image_len);
+		unc_len = lzma_len;
+		if (ret != SZ_OK) {
+			printf("LZMA: uncompress or overwrite error %d - must RESET board to recover\n",
+			       ret);
+			bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
+			return BOOTM_ERR_RESET;
+		}
+		*load_end = load + unc_len;
+		break;
+	}
+#endif /* CONFIG_LZMA */
+#ifdef CONFIG_LZO
+	case IH_COMP_LZO: {
+		size_t size = unc_len;
+
+		printf("   Uncompressing %s ... ", type_name);
+
+		ret = lzop_decompress(image_buf, image_len, load_buf, &size);
+		if (ret != LZO_E_OK) {
+			printf("LZO: uncompress or overwrite error %d - must RESET board to recover\n",
+			       ret);
+			if (boot_progress)
+				bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
+			return BOOTM_ERR_RESET;
+		}
+
+		*load_end = load + size;
+		break;
+	}
+#endif /* CONFIG_LZO */
+	default:
+		printf("Unimplemented compression type %d\n", comp);
+		return BOOTM_ERR_UNIMPLEMENTED;
+	}
+
+	flush_cache(load, (*load_end - load) * sizeof(ulong));
+
+	puts("OK\n");
+	debug("   kernel loaded@0x%08lx, end = 0x%08lx\n", load, *load_end);
+	bootstage_mark(BOOTSTAGE_ID_KERNEL_LOADED);
+
+	if (!no_overlap && (load < blob_end) && (*load_end > blob_start)) {
+		debug("images.os.start = 0x%lX, images.os.end = 0x%lx\n",
+		      blob_start, blob_end);
+		debug("images.os.load = 0x%lx, load_end = 0x%lx\n", load,
+		      *load_end);
+
+		/* Check what type of image this is. */
+		if (images->legacy_hdr_valid) {
+			if (image_get_type(&images->legacy_hdr_os_copy)
+					== IH_TYPE_MULTI)
+				puts("WARNING: legacy format multi component image overwritten\n");
+			return BOOTM_ERR_OVERLAP;
+		} else {
+			puts("ERROR: new format image overwritten - must RESET the board to recover\n");
+			bootstage_error(BOOTSTAGE_ID_OVERWRITTEN);
+			return BOOTM_ERR_RESET;
+		}
+	}
+
+	return 0;
+}
+
+/**
+ * bootm_disable_interrupts() - Disable interrupts in preparation for load/boot
+ *
+ * @return interrupt flag (0 if interrupts were disabled, non-zero if they were
+ *	enabled)
+ */
+ulong bootm_disable_interrupts(void)
+{
+	ulong iflag;
+
+	/*
+	 * We have reached the point of no return: we are going to
+	 * overwrite all exception vector code, so we cannot easily
+	 * recover from any failures any more...
+	 */
+	iflag = disable_interrupts();
+#ifdef CONFIG_NETCONSOLE
+	/* Stop the ethernet stack if NetConsole could have left it up */
+	eth_halt();
+	eth_unregister(eth_get_dev());
+#endif
+
+#if defined(CONFIG_CMD_USB)
+	/*
+	 * turn off USB to prevent the host controller from writing to the
+	 * SDRAM while Linux is booting. This could happen (at least for OHCI
+	 * controller), because the HCCA (Host Controller Communication Area)
+	 * lies within the SDRAM and the host controller writes continously to
+	 * this area (as busmaster!). The HccaFrameNumber is for example
+	 * updated every 1 ms within the HCCA structure in SDRAM! For more
+	 * details see the OpenHCI specification.
+	 */
+	usb_stop();
+#endif
+	return iflag;
+}
+
+#if defined(CONFIG_SILENT_CONSOLE) && !defined(CONFIG_SILENT_U_BOOT_ONLY)
+
+#define CONSOLE_ARG     "console="
+#define CONSOLE_ARG_LEN (sizeof(CONSOLE_ARG) - 1)
+
+static void fixup_silent_linux(void)
+{
+	char *buf;
+	const char *env_val;
+	char *cmdline = getenv("bootargs");
+	int want_silent;
+
+	/*
+	 * Only fix cmdline when requested. The environment variable can be:
+	 *
+	 *	no - we never fixup
+	 *	yes - we always fixup
+	 *	unset - we rely on the console silent flag
+	 */
+	want_silent = getenv_yesno("silent_linux");
+	if (want_silent == 0)
+		return;
+	else if (want_silent == -1 && !(gd->flags & GD_FLG_SILENT))
+		return;
+
+	debug("before silent fix-up: %s\n", cmdline);
+	if (cmdline && (cmdline[0] != '\0')) {
+		char *start = strstr(cmdline, CONSOLE_ARG);
+
+		/* Allocate space for maximum possible new command line */
+		buf = malloc(strlen(cmdline) + 1 + CONSOLE_ARG_LEN + 1);
+		if (!buf) {
+			debug("%s: out of memory\n", __func__);
+			return;
+		}
+
+		if (start) {
+			char *end = strchr(start, ' ');
+			int num_start_bytes = start - cmdline + CONSOLE_ARG_LEN;
+
+			strncpy(buf, cmdline, num_start_bytes);
+			if (end)
+				strcpy(buf + num_start_bytes, end);
+			else
+				buf[num_start_bytes] = '\0';
+		} else {
+			sprintf(buf, "%s %s", cmdline, CONSOLE_ARG);
+		}
+		env_val = buf;
+	} else {
+		buf = NULL;
+		env_val = CONSOLE_ARG;
+	}
+
+	setenv("bootargs", env_val);
+	debug("after silent fix-up: %s\n", env_val);
+	free(buf);
+}
+#endif /* CONFIG_SILENT_CONSOLE */
+
+/**
+ * Execute selected states of the bootm command.
+ *
+ * Note the arguments to this state must be the first argument, Any 'bootm'
+ * or sub-command arguments must have already been taken.
+ *
+ * Note that if states contains more than one flag it MUST contain
+ * BOOTM_STATE_START, since this handles and consumes the command line args.
+ *
+ * Also note that aside from boot_os_fn functions and bootm_load_os no other
+ * functions we store the return value of in 'ret' may use a negative return
+ * value, without special handling.
+ *
+ * @param cmdtp		Pointer to bootm command table entry
+ * @param flag		Command flags (CMD_FLAG_...)
+ * @param argc		Number of subcommand arguments (0 = no arguments)
+ * @param argv		Arguments
+ * @param states	Mask containing states to run (BOOTM_STATE_...)
+ * @param images	Image header information
+ * @param boot_progress 1 to show boot progress, 0 to not do this
+ * @return 0 if ok, something else on error. Some errors will cause this
+ *	function to perform a reboot! If states contains BOOTM_STATE_OS_GO
+ *	then the intent is to boot an OS, so this function will not return
+ *	unless the image type is standalone.
+ */
+int do_bootm_states(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[],
+		    int states, bootm_headers_t *images, int boot_progress)
+{
+	boot_os_fn *boot_fn;
+	ulong iflag = 0;
+	int ret = 0, need_boot_fn;
+
+	images->state |= states;
+
+	/*
+	 * Work through the states and see how far we get. We stop on
+	 * any error.
+	 */
+	if (states & BOOTM_STATE_START)
+		ret = bootm_start(cmdtp, flag, argc, argv);
+
+	if (!ret && (states & BOOTM_STATE_FINDOS))
+		ret = bootm_find_os(cmdtp, flag, argc, argv);
+
+	if (!ret && (states & BOOTM_STATE_FINDOTHER)) {
+		ret = bootm_find_other(cmdtp, flag, argc, argv);
+		argc = 0;	/* consume the args */
+	}
+
+	/* Load the OS */
+	if (!ret && (states & BOOTM_STATE_LOADOS)) {
+		ulong load_end;
+
+		iflag = bootm_disable_interrupts();
+		ret = bootm_load_os(images, &load_end, 0);
+		if (ret == 0)
+			lmb_reserve(&images->lmb, images->os.load,
+				    (load_end - images->os.load));
+		else if (ret && ret != BOOTM_ERR_OVERLAP)
+			goto err;
+		else if (ret == BOOTM_ERR_OVERLAP)
+			ret = 0;
+#if defined(CONFIG_SILENT_CONSOLE) && !defined(CONFIG_SILENT_U_BOOT_ONLY)
+		if (images->os.os == IH_OS_LINUX)
+			fixup_silent_linux();
+#endif
+	}
+
+	/* Relocate the ramdisk */
+#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
+	if (!ret && (states & BOOTM_STATE_RAMDISK)) {
+		ulong rd_len = images->rd_end - images->rd_start;
+
+		ret = boot_ramdisk_high(&images->lmb, images->rd_start,
+			rd_len, &images->initrd_start, &images->initrd_end);
+		if (!ret) {
+			setenv_hex("initrd_start", images->initrd_start);
+			setenv_hex("initrd_end", images->initrd_end);
+		}
+	}
+#endif
+#if defined(CONFIG_OF_LIBFDT) && defined(CONFIG_LMB)
+	if (!ret && (states & BOOTM_STATE_FDT)) {
+		boot_fdt_add_mem_rsv_regions(&images->lmb, images->ft_addr);
+		ret = boot_relocate_fdt(&images->lmb, &images->ft_addr,
+					&images->ft_len);
+	}
+#endif
+
+	/* From now on, we need the OS boot function */
+	if (ret)
+		return ret;
+	boot_fn = bootm_os_get_boot_func(images->os.os);
+	need_boot_fn = states & (BOOTM_STATE_OS_CMDLINE |
+			BOOTM_STATE_OS_BD_T | BOOTM_STATE_OS_PREP |
+			BOOTM_STATE_OS_FAKE_GO | BOOTM_STATE_OS_GO);
+	if (boot_fn == NULL && need_boot_fn) {
+		if (iflag)
+			enable_interrupts();
+		printf("ERROR: booting os '%s' (%d) is not supported\n",
+		       genimg_get_os_name(images->os.os), images->os.os);
+		bootstage_error(BOOTSTAGE_ID_CHECK_BOOT_OS);
+		return 1;
+	}
+
+	/* Call various other states that are not generally used */
+	if (!ret && (states & BOOTM_STATE_OS_CMDLINE))
+		ret = boot_fn(BOOTM_STATE_OS_CMDLINE, argc, argv, images);
+	if (!ret && (states & BOOTM_STATE_OS_BD_T))
+		ret = boot_fn(BOOTM_STATE_OS_BD_T, argc, argv, images);
+	if (!ret && (states & BOOTM_STATE_OS_PREP))
+		ret = boot_fn(BOOTM_STATE_OS_PREP, argc, argv, images);
+
+#ifdef CONFIG_TRACE
+	/* Pretend to run the OS, then run a user command */
+	if (!ret && (states & BOOTM_STATE_OS_FAKE_GO)) {
+		char *cmd_list = getenv("fakegocmd");
+
+		ret = boot_selected_os(argc, argv, BOOTM_STATE_OS_FAKE_GO,
+				images, boot_fn);
+		if (!ret && cmd_list)
+			ret = run_command_list(cmd_list, -1, flag);
+	}
+#endif
+
+	/* Check for unsupported subcommand. */
+	if (ret) {
+		puts("subcommand not supported\n");
+		return ret;
+	}
+
+	/* Now run the OS! We hope this doesn't return */
+	if (!ret && (states & BOOTM_STATE_OS_GO))
+		ret = boot_selected_os(argc, argv, BOOTM_STATE_OS_GO,
+				images, boot_fn);
+
+	/* Deal with any fallout */
+err:
+	if (iflag)
+		enable_interrupts();
+
+	if (ret == BOOTM_ERR_UNIMPLEMENTED)
+		bootstage_error(BOOTSTAGE_ID_DECOMP_UNIMPL);
+	else if (ret == BOOTM_ERR_RESET)
+		do_reset(cmdtp, flag, argc, argv);
+
+	return ret;
+}
+
+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
+/**
+ * image_get_kernel - verify legacy format kernel image
+ * @img_addr: in RAM address of the legacy format image to be verified
+ * @verify: data CRC verification flag
+ *
+ * image_get_kernel() verifies legacy image integrity and returns pointer to
+ * legacy image header if image verification was completed successfully.
+ *
+ * returns:
+ *     pointer to a legacy image header if valid image was found
+ *     otherwise return NULL
+ */
+static image_header_t *image_get_kernel(ulong img_addr, int verify)
+{
+	image_header_t *hdr = (image_header_t *)img_addr;
+
+	if (!image_check_magic(hdr)) {
+		puts("Bad Magic Number\n");
+		bootstage_error(BOOTSTAGE_ID_CHECK_MAGIC);
+		return NULL;
+	}
+	bootstage_mark(BOOTSTAGE_ID_CHECK_HEADER);
+
+	if (!image_check_hcrc(hdr)) {
+		puts("Bad Header Checksum\n");
+		bootstage_error(BOOTSTAGE_ID_CHECK_HEADER);
+		return NULL;
+	}
+
+	bootstage_mark(BOOTSTAGE_ID_CHECK_CHECKSUM);
+	image_print_contents(hdr);
+
+	if (verify) {
+		puts("   Verifying Checksum ... ");
+		if (!image_check_dcrc(hdr)) {
+			printf("Bad Data CRC\n");
+			bootstage_error(BOOTSTAGE_ID_CHECK_CHECKSUM);
+			return NULL;
+		}
+		puts("OK\n");
+	}
+	bootstage_mark(BOOTSTAGE_ID_CHECK_ARCH);
+
+	if (!image_check_target_arch(hdr)) {
+		printf("Unsupported Architecture 0x%x\n", image_get_arch(hdr));
+		bootstage_error(BOOTSTAGE_ID_CHECK_ARCH);
+		return NULL;
+	}
+	return hdr;
+}
+#endif
+
+/**
+ * boot_get_kernel - find kernel image
+ * @os_data: pointer to a ulong variable, will hold os data start address
+ * @os_len: pointer to a ulong variable, will hold os data length
+ *
+ * boot_get_kernel() tries to find a kernel image, verifies its integrity
+ * and locates kernel data.
+ *
+ * returns:
+ *     pointer to image header if valid image was found, plus kernel start
+ *     address and length, otherwise NULL
+ */
+static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
+				   char * const argv[], bootm_headers_t *images,
+				   ulong *os_data, ulong *os_len)
+{
+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
+	image_header_t	*hdr;
+#endif
+	ulong		img_addr;
+	const void *buf;
+#if defined(CONFIG_FIT)
+	const char	*fit_uname_config = NULL;
+	const char	*fit_uname_kernel = NULL;
+	int		os_noffset;
+#endif
+
+	/* find out kernel image address */
+	if (argc < 1) {
+		img_addr = load_addr;
+		debug("*  kernel: default image load address = 0x%08lx\n",
+		      load_addr);
+#if defined(CONFIG_FIT)
+	} else if (fit_parse_conf(argv[0], load_addr, &img_addr,
+				  &fit_uname_config)) {
+		debug("*  kernel: config '%s' from image at 0x%08lx\n",
+		      fit_uname_config, img_addr);
+	} else if (fit_parse_subimage(argv[0], load_addr, &img_addr,
+				     &fit_uname_kernel)) {
+		debug("*  kernel: subimage '%s' from image at 0x%08lx\n",
+		      fit_uname_kernel, img_addr);
+#endif
+	} else {
+		img_addr = simple_strtoul(argv[0], NULL, 16);
+		debug("*  kernel: cmdline image address = 0x%08lx\n",
+		      img_addr);
+	}
+
+	bootstage_mark(BOOTSTAGE_ID_CHECK_MAGIC);
+
+	/* copy from dataflash if needed */
+	img_addr = genimg_get_image(img_addr);
+
+	/* check image type, for FIT images get FIT kernel node */
+	*os_data = *os_len = 0;
+	buf = map_sysmem(img_addr, 0);
+	switch (genimg_get_format(buf)) {
+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
+	case IMAGE_FORMAT_LEGACY:
+		printf("## Booting kernel from Legacy Image@%08lx ...\n",
+		       img_addr);
+		hdr = image_get_kernel(img_addr, images->verify);
+		if (!hdr)
+			return NULL;
+		bootstage_mark(BOOTSTAGE_ID_CHECK_IMAGETYPE);
+
+		/* get os_data and os_len */
+		switch (image_get_type(hdr)) {
+		case IH_TYPE_KERNEL:
+		case IH_TYPE_KERNEL_NOLOAD:
+			*os_data = image_get_data(hdr);
+			*os_len = image_get_data_size(hdr);
+			break;
+		case IH_TYPE_MULTI:
+			image_multi_getimg(hdr, 0, os_data, os_len);
+			break;
+		case IH_TYPE_STANDALONE:
+			*os_data = image_get_data(hdr);
+			*os_len = image_get_data_size(hdr);
+			break;
+		default:
+			printf("Wrong Image Type for %s command\n",
+			       cmdtp->name);
+			bootstage_error(BOOTSTAGE_ID_CHECK_IMAGETYPE);
+			return NULL;
+		}
+
+		/*
+		 * copy image header to allow for image overwrites during
+		 * kernel decompression.
+		 */
+		memmove(&images->legacy_hdr_os_copy, hdr,
+			sizeof(image_header_t));
+
+		/* save pointer to image header */
+		images->legacy_hdr_os = hdr;
+
+		images->legacy_hdr_valid = 1;
+		bootstage_mark(BOOTSTAGE_ID_DECOMP_IMAGE);
+		break;
+#endif
+#if defined(CONFIG_FIT)
+	case IMAGE_FORMAT_FIT:
+		os_noffset = fit_image_load(images, FIT_KERNEL_PROP,
+				img_addr,
+				&fit_uname_kernel, &fit_uname_config,
+				IH_ARCH_DEFAULT, IH_TYPE_KERNEL,
+				BOOTSTAGE_ID_FIT_KERNEL_START,
+				FIT_LOAD_IGNORED, os_data, os_len);
+		if (os_noffset < 0)
+			return NULL;
+
+		images->fit_hdr_os = map_sysmem(img_addr, 0);
+		images->fit_uname_os = fit_uname_kernel;
+		images->fit_uname_cfg = fit_uname_config;
+		images->fit_noffset_os = os_noffset;
+		break;
+#endif
+#ifdef CONFIG_ANDROID_BOOT_IMAGE
+	case IMAGE_FORMAT_ANDROID:
+		printf("## Booting Android Image at 0x%08lx ...\n", img_addr);
+		if (android_image_get_kernel((void *)img_addr, images->verify,
+					     os_data, os_len))
+			return NULL;
+		break;
+#endif
+	default:
+		printf("Wrong Image Format for %s command\n", cmdtp->name);
+		bootstage_error(BOOTSTAGE_ID_FIT_KERNEL_INFO);
+		return NULL;
+	}
+
+	debug("   kernel data at 0x%08lx, len = 0x%08lx (%ld)\n",
+	      *os_data, *os_len, *os_len);
+
+	return buf;
+}
diff --git a/common/bootm_os.c b/common/bootm_os.c
new file mode 100644
index 0000000..f7769ac
--- /dev/null
+++ b/common/bootm_os.c
@@ -0,0 +1,480 @@
+/*
+ * (C) Copyright 2000-2009
+ * Wolfgang Denk, DENX Software Engineering, wd at denx.de.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#include <common.h>
+#include <bootm.h>
+#include <fdt_support.h>
+#include <libfdt.h>
+#include <malloc.h>
+#include <vxworks.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+static int do_bootm_standalone(int flag, int argc, char * const argv[],
+			       bootm_headers_t *images)
+{
+	char *s;
+	int (*appl)(int, char *const[]);
+
+	/* Don't start if "autostart" is set to "no" */
+	s = getenv("autostart");
+	if ((s != NULL) && !strcmp(s, "no")) {
+		setenv_hex("filesize", images->os.image_len);
+		return 0;
+	}
+	appl = (int (*)(int, char * const []))images->ep;
+	appl(argc, argv);
+	return 0;
+}
+
+/*******************************************************************/
+/* OS booting routines */
+/*******************************************************************/
+
+#if defined(CONFIG_BOOTM_NETBSD) || defined(CONFIG_BOOTM_PLAN9)
+static void copy_args(char *dest, int argc, char * const argv[], char delim)
+{
+	int i;
+
+	for (i = 0; i < argc; i++) {
+		if (i > 0)
+			*dest++ = delim;
+		strcpy(dest, argv[i]);
+		dest += strlen(argv[i]);
+	}
+}
+#endif
+
+#ifdef CONFIG_BOOTM_NETBSD
+static int do_bootm_netbsd(int flag, int argc, char * const argv[],
+			    bootm_headers_t *images)
+{
+	void (*loader)(bd_t *, image_header_t *, char *, char *);
+	image_header_t *os_hdr, *hdr;
+	ulong kernel_data, kernel_len;
+	char *consdev;
+	char *cmdline;
+
+	if (flag != BOOTM_STATE_OS_GO)
+		return 0;
+
+#if defined(CONFIG_FIT)
+	if (!images->legacy_hdr_valid) {
+		fit_unsupported_reset("NetBSD");
+		return 1;
+	}
+#endif
+	hdr = images->legacy_hdr_os;
+
+	/*
+	 * Booting a (NetBSD) kernel image
+	 *
+	 * This process is pretty similar to a standalone application:
+	 * The (first part of an multi-) image must be a stage-2 loader,
+	 * which in turn is responsible for loading & invoking the actual
+	 * kernel.  The only differences are the parameters being passed:
+	 * besides the board info strucure, the loader expects a command
+	 * line, the name of the console device, and (optionally) the
+	 * address of the original image header.
+	 */
+	os_hdr = NULL;
+	if (image_check_type(&images->legacy_hdr_os_copy, IH_TYPE_MULTI)) {
+		image_multi_getimg(hdr, 1, &kernel_data, &kernel_len);
+		if (kernel_len)
+			os_hdr = hdr;
+	}
+
+	consdev = "";
+#if   defined(CONFIG_8xx_CONS_SMC1)
+	consdev = "smc1";
+#elif defined(CONFIG_8xx_CONS_SMC2)
+	consdev = "smc2";
+#elif defined(CONFIG_8xx_CONS_SCC2)
+	consdev = "scc2";
+#elif defined(CONFIG_8xx_CONS_SCC3)
+	consdev = "scc3";
+#endif
+
+	if (argc > 0) {
+		ulong len;
+		int   i;
+
+		for (i = 0, len = 0; i < argc; i += 1)
+			len += strlen(argv[i]) + 1;
+		cmdline = malloc(len);
+		copy_args(cmdline, argc, argv, ' ');
+	} else {
+		cmdline = getenv("bootargs");
+		if (cmdline == NULL)
+			cmdline = "";
+	}
+
+	loader = (void (*)(bd_t *, image_header_t *, char *, char *))images->ep;
+
+	printf("## Transferring control to NetBSD stage-2 loader (at address %08lx) ...\n",
+	       (ulong)loader);
+
+	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
+
+	/*
+	 * NetBSD Stage-2 Loader Parameters:
+	 *   arg[0]: pointer to board info data
+	 *   arg[1]: image load address
+	 *   arg[2]: char pointer to the console device to use
+	 *   arg[3]: char pointer to the boot arguments
+	 */
+	(*loader)(gd->bd, os_hdr, consdev, cmdline);
+
+	return 1;
+}
+#endif /* CONFIG_BOOTM_NETBSD*/
+
+#ifdef CONFIG_LYNXKDI
+static int do_bootm_lynxkdi(int flag, int argc, char * const argv[],
+			     bootm_headers_t *images)
+{
+	image_header_t *hdr = &images->legacy_hdr_os_copy;
+
+	if (flag != BOOTM_STATE_OS_GO)
+		return 0;
+
+#if defined(CONFIG_FIT)
+	if (!images->legacy_hdr_valid) {
+		fit_unsupported_reset("Lynx");
+		return 1;
+	}
+#endif
+
+	lynxkdi_boot((image_header_t *)hdr);
+
+	return 1;
+}
+#endif /* CONFIG_LYNXKDI */
+
+#ifdef CONFIG_BOOTM_RTEMS
+static int do_bootm_rtems(int flag, int argc, char * const argv[],
+			   bootm_headers_t *images)
+{
+	void (*entry_point)(bd_t *);
+
+	if (flag != BOOTM_STATE_OS_GO)
+		return 0;
+
+#if defined(CONFIG_FIT)
+	if (!images->legacy_hdr_valid) {
+		fit_unsupported_reset("RTEMS");
+		return 1;
+	}
+#endif
+
+	entry_point = (void (*)(bd_t *))images->ep;
+
+	printf("## Transferring control to RTEMS (at address %08lx) ...\n",
+	       (ulong)entry_point);
+
+	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
+
+	/*
+	 * RTEMS Parameters:
+	 *   r3: ptr to board info data
+	 */
+	(*entry_point)(gd->bd);
+
+	return 1;
+}
+#endif /* CONFIG_BOOTM_RTEMS */
+
+#if defined(CONFIG_BOOTM_OSE)
+static int do_bootm_ose(int flag, int argc, char * const argv[],
+			   bootm_headers_t *images)
+{
+	void (*entry_point)(void);
+
+	if (flag != BOOTM_STATE_OS_GO)
+		return 0;
+
+#if defined(CONFIG_FIT)
+	if (!images->legacy_hdr_valid) {
+		fit_unsupported_reset("OSE");
+		return 1;
+	}
+#endif
+
+	entry_point = (void (*)(void))images->ep;
+
+	printf("## Transferring control to OSE (at address %08lx) ...\n",
+	       (ulong)entry_point);
+
+	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
+
+	/*
+	 * OSE Parameters:
+	 *   None
+	 */
+	(*entry_point)();
+
+	return 1;
+}
+#endif /* CONFIG_BOOTM_OSE */
+
+#if defined(CONFIG_BOOTM_PLAN9)
+static int do_bootm_plan9(int flag, int argc, char * const argv[],
+			   bootm_headers_t *images)
+{
+	void (*entry_point)(void);
+	char *s;
+
+	if (flag != BOOTM_STATE_OS_GO)
+		return 0;
+
+#if defined(CONFIG_FIT)
+	if (!images->legacy_hdr_valid) {
+		fit_unsupported_reset("Plan 9");
+		return 1;
+	}
+#endif
+
+	/* See README.plan9 */
+	s = getenv("confaddr");
+	if (s != NULL) {
+		char *confaddr = (char *)simple_strtoul(s, NULL, 16);
+
+		if (argc > 0) {
+			copy_args(confaddr, argc, argv, '\n');
+		} else {
+			s = getenv("bootargs");
+			if (s != NULL)
+				strcpy(confaddr, s);
+		}
+	}
+
+	entry_point = (void (*)(void))images->ep;
+
+	printf("## Transferring control to Plan 9 (at address %08lx) ...\n",
+	       (ulong)entry_point);
+
+	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
+
+	/*
+	 * Plan 9 Parameters:
+	 *   None
+	 */
+	(*entry_point)();
+
+	return 1;
+}
+#endif /* CONFIG_BOOTM_PLAN9 */
+
+#if defined(CONFIG_BOOTM_VXWORKS) && \
+	(defined(CONFIG_PPC) || defined(CONFIG_ARM))
+
+void do_bootvx_fdt(bootm_headers_t *images)
+{
+#if defined(CONFIG_OF_LIBFDT)
+	int ret;
+	char *bootline;
+	ulong of_size = images->ft_len;
+	char **of_flat_tree = &images->ft_addr;
+	struct lmb *lmb = &images->lmb;
+
+	if (*of_flat_tree) {
+		boot_fdt_add_mem_rsv_regions(lmb, *of_flat_tree);
+
+		ret = boot_relocate_fdt(lmb, of_flat_tree, &of_size);
+		if (ret)
+			return;
+
+		ret = fdt_add_subnode(*of_flat_tree, 0, "chosen");
+		if ((ret >= 0 || ret == -FDT_ERR_EXISTS)) {
+			bootline = getenv("bootargs");
+			if (bootline) {
+				ret = fdt_find_and_setprop(*of_flat_tree,
+						"/chosen", "bootargs",
+						bootline,
+						strlen(bootline) + 1, 1);
+				if (ret < 0) {
+					printf("## ERROR: %s : %s\n", __func__,
+					       fdt_strerror(ret));
+					return;
+				}
+			}
+		} else {
+			printf("## ERROR: %s : %s\n", __func__,
+			       fdt_strerror(ret));
+			return;
+		}
+	}
+#endif
+
+	boot_prep_vxworks(images);
+
+	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
+
+#if defined(CONFIG_OF_LIBFDT)
+	printf("## Starting vxWorks at 0x%08lx, device tree@0x%08lx ...\n",
+	       (ulong)images->ep, (ulong)*of_flat_tree);
+#else
+	printf("## Starting vxWorks at 0x%08lx\n", (ulong)images->ep);
+#endif
+
+	boot_jump_vxworks(images);
+
+	puts("## vxWorks terminated\n");
+}
+
+static int do_bootm_vxworks(int flag, int argc, char * const argv[],
+			     bootm_headers_t *images)
+{
+	if (flag != BOOTM_STATE_OS_GO)
+		return 0;
+
+#if defined(CONFIG_FIT)
+	if (!images->legacy_hdr_valid) {
+		fit_unsupported_reset("VxWorks");
+		return 1;
+	}
+#endif
+
+	do_bootvx_fdt(images);
+
+	return 1;
+}
+#endif
+
+#if defined(CONFIG_CMD_ELF)
+static int do_bootm_qnxelf(int flag, int argc, char * const argv[],
+			    bootm_headers_t *images)
+{
+	char *local_args[2];
+	char str[16];
+
+	if (flag != BOOTM_STATE_OS_GO)
+		return 0;
+
+#if defined(CONFIG_FIT)
+	if (!images->legacy_hdr_valid) {
+		fit_unsupported_reset("QNX");
+		return 1;
+	}
+#endif
+
+	sprintf(str, "%lx", images->ep); /* write entry-point into string */
+	local_args[0] = argv[0];
+	local_args[1] = str;	/* and provide it via the arguments */
+	do_bootelf(NULL, 0, 2, local_args);
+
+	return 1;
+}
+#endif
+
+#ifdef CONFIG_INTEGRITY
+static int do_bootm_integrity(int flag, int argc, char * const argv[],
+			   bootm_headers_t *images)
+{
+	void (*entry_point)(void);
+
+	if (flag != BOOTM_STATE_OS_GO)
+		return 0;
+
+#if defined(CONFIG_FIT)
+	if (!images->legacy_hdr_valid) {
+		fit_unsupported_reset("INTEGRITY");
+		return 1;
+	}
+#endif
+
+	entry_point = (void (*)(void))images->ep;
+
+	printf("## Transferring control to INTEGRITY (at address %08lx) ...\n",
+	       (ulong)entry_point);
+
+	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
+
+	/*
+	 * INTEGRITY Parameters:
+	 *   None
+	 */
+	(*entry_point)();
+
+	return 1;
+}
+#endif
+
+static boot_os_fn *boot_os[] = {
+	[IH_OS_U_BOOT] = do_bootm_standalone,
+#ifdef CONFIG_BOOTM_LINUX
+	[IH_OS_LINUX] = do_bootm_linux,
+#endif
+#ifdef CONFIG_BOOTM_NETBSD
+	[IH_OS_NETBSD] = do_bootm_netbsd,
+#endif
+#ifdef CONFIG_LYNXKDI
+	[IH_OS_LYNXOS] = do_bootm_lynxkdi,
+#endif
+#ifdef CONFIG_BOOTM_RTEMS
+	[IH_OS_RTEMS] = do_bootm_rtems,
+#endif
+#if defined(CONFIG_BOOTM_OSE)
+	[IH_OS_OSE] = do_bootm_ose,
+#endif
+#if defined(CONFIG_BOOTM_PLAN9)
+	[IH_OS_PLAN9] = do_bootm_plan9,
+#endif
+#if defined(CONFIG_BOOTM_VXWORKS) && \
+	(defined(CONFIG_PPC) || defined(CONFIG_ARM))
+	[IH_OS_VXWORKS] = do_bootm_vxworks,
+#endif
+#if defined(CONFIG_CMD_ELF)
+	[IH_OS_QNX] = do_bootm_qnxelf,
+#endif
+#ifdef CONFIG_INTEGRITY
+	[IH_OS_INTEGRITY] = do_bootm_integrity,
+#endif
+};
+
+/* Allow for arch specific config before we boot */
+static void __arch_preboot_os(void)
+{
+	/* please define platform specific arch_preboot_os() */
+}
+void arch_preboot_os(void) __attribute__((weak, alias("__arch_preboot_os")));
+
+int boot_selected_os(int argc, char * const argv[], int state,
+		     bootm_headers_t *images, boot_os_fn *boot_fn)
+{
+	arch_preboot_os();
+	boot_fn(state, argc, argv, images);
+
+	/* Stand-alone may return when 'autostart' is 'no' */
+	if (images->os.type == IH_TYPE_STANDALONE ||
+	    state == BOOTM_STATE_OS_FAKE_GO) /* We expect to return */
+		return 0;
+	bootstage_error(BOOTSTAGE_ID_BOOT_OS_RETURNED);
+#ifdef DEBUG
+	puts("\n## Control returned to monitor - resetting...\n");
+#endif
+	return BOOTM_ERR_RESET;
+}
+
+boot_os_fn *bootm_os_get_boot_func(int os)
+{
+#ifdef CONFIG_NEEDS_MANUAL_RELOC
+	static bool relocated;
+
+	if (!relocated) {
+		int i;
+
+		/* relocate boot function table */
+		for (i = 0; i < ARRAY_SIZE(boot_os); i++)
+			if (boot_os[i] != NULL)
+				boot_os[i] += gd->reloc_off;
+
+		relocated = true;
+	}
+#endif
+	return boot_os[os];
+}
diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c
index c06f4b7..8b897c8 100644
--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@@ -5,58 +5,25 @@
  * SPDX-License-Identifier:	GPL-2.0+
  */
 
-
 /*
  * Boot support
  */
 #include <common.h>
-#include <watchdog.h>
+#include <bootm.h>
 #include <command.h>
-#include <image.h>
-#include <malloc.h>
-#include <u-boot/zlib.h>
-#include <bzlib.h>
 #include <environment.h>
+#include <image.h>
 #include <lmb.h>
-#include <linux/ctype.h>
+#include <malloc.h>
+#include <nand.h>
 #include <asm/byteorder.h>
-#include <asm/io.h>
 #include <linux/compiler.h>
-
-#if defined(CONFIG_BOOTM_VXWORKS) && \
-	(defined(CONFIG_PPC) || defined(CONFIG_ARM))
-#include <vxworks.h>
-#endif
-
-#if defined(CONFIG_CMD_USB)
-#include <usb.h>
-#endif
-
-#if defined(CONFIG_OF_LIBFDT)
-#include <libfdt.h>
-#include <fdt_support.h>
-#endif
-
-#ifdef CONFIG_LZMA
-#include <lzma/LzmaTypes.h>
-#include <lzma/LzmaDec.h>
-#include <lzma/LzmaTools.h>
-#endif /* CONFIG_LZMA */
-
-#ifdef CONFIG_LZO
-#include <linux/lzo.h>
-#endif /* CONFIG_LZO */
+#include <linux/ctype.h>
+#include <linux/err.h>
+#include <u-boot/zlib.h>
 
 DECLARE_GLOBAL_DATA_PTR;
 
-#ifndef CONFIG_SYS_BOOTM_LEN
-#define CONFIG_SYS_BOOTM_LEN	0x800000	/* use 8MByte as default max gunzip size */
-#endif
-
-#ifdef CONFIG_BZIP2
-extern void bz_internal_error(int);
-#endif
-
 #if defined(CONFIG_CMD_IMI)
 static int image_info(unsigned long addr);
 #endif
@@ -71,465 +38,8 @@ extern flash_info_t flash_info[]; /* info for FLASH chips */
 static int do_imls(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]);
 #endif
 
-#include <linux/err.h>
-#include <nand.h>
-
-#if defined(CONFIG_SILENT_CONSOLE) && !defined(CONFIG_SILENT_U_BOOT_ONLY)
-static void fixup_silent_linux(void);
-#endif
-
-static int do_bootm_standalone(int flag, int argc, char * const argv[],
-			       bootm_headers_t *images);
-
-static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
-				char * const argv[], bootm_headers_t *images,
-				ulong *os_data, ulong *os_len);
-
-/*
- *  Continue booting an OS image; caller already has:
- *  - copied image header to global variable `header'
- *  - checked header magic number, checksums (both header & image),
- *  - verified image architecture (PPC) and type (KERNEL or MULTI),
- *  - loaded (first part of) image to header load address,
- *  - disabled interrupts.
- *
- * @flag: Flags indicating what to do (BOOTM_STATE_...)
- * @argc: Number of arguments. Note that the arguments are shifted down
- *	 so that 0 is the first argument not processed by U-Boot, and
- *	 argc is adjusted accordingly. This avoids confusion as to how
- *	 many arguments are available for the OS.
- * @images: Pointers to os/initrd/fdt
- * @return 1 on error. On success the OS boots so this function does
- * not return.
- */
-typedef int boot_os_fn(int flag, int argc, char * const argv[],
-			bootm_headers_t *images);
-
-#ifdef CONFIG_BOOTM_LINUX
-extern boot_os_fn do_bootm_linux;
-#endif
-#ifdef CONFIG_BOOTM_NETBSD
-static boot_os_fn do_bootm_netbsd;
-#endif
-#if defined(CONFIG_LYNXKDI)
-static boot_os_fn do_bootm_lynxkdi;
-extern void lynxkdi_boot(image_header_t *);
-#endif
-#ifdef CONFIG_BOOTM_RTEMS
-static boot_os_fn do_bootm_rtems;
-#endif
-#if defined(CONFIG_BOOTM_OSE)
-static boot_os_fn do_bootm_ose;
-#endif
-#if defined(CONFIG_BOOTM_PLAN9)
-static boot_os_fn do_bootm_plan9;
-#endif
-#if defined(CONFIG_BOOTM_VXWORKS) && \
-	(defined(CONFIG_PPC) || defined(CONFIG_ARM))
-static boot_os_fn do_bootm_vxworks;
-#endif
-#if defined(CONFIG_CMD_ELF)
-static boot_os_fn do_bootm_qnxelf;
-int do_bootvx(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]);
-int do_bootelf(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]);
-#endif
-#if defined(CONFIG_INTEGRITY)
-static boot_os_fn do_bootm_integrity;
-#endif
-
-static boot_os_fn *boot_os[] = {
-	[IH_OS_U_BOOT] = do_bootm_standalone,
-#ifdef CONFIG_BOOTM_LINUX
-	[IH_OS_LINUX] = do_bootm_linux,
-#endif
-#ifdef CONFIG_BOOTM_NETBSD
-	[IH_OS_NETBSD] = do_bootm_netbsd,
-#endif
-#ifdef CONFIG_LYNXKDI
-	[IH_OS_LYNXOS] = do_bootm_lynxkdi,
-#endif
-#ifdef CONFIG_BOOTM_RTEMS
-	[IH_OS_RTEMS] = do_bootm_rtems,
-#endif
-#if defined(CONFIG_BOOTM_OSE)
-	[IH_OS_OSE] = do_bootm_ose,
-#endif
-#if defined(CONFIG_BOOTM_PLAN9)
-	[IH_OS_PLAN9] = do_bootm_plan9,
-#endif
-#if defined(CONFIG_BOOTM_VXWORKS) && \
-	(defined(CONFIG_PPC) || defined(CONFIG_ARM))
-	[IH_OS_VXWORKS] = do_bootm_vxworks,
-#endif
-#if defined(CONFIG_CMD_ELF)
-	[IH_OS_QNX] = do_bootm_qnxelf,
-#endif
-#ifdef CONFIG_INTEGRITY
-	[IH_OS_INTEGRITY] = do_bootm_integrity,
-#endif
-};
-
 bootm_headers_t images;		/* pointers to os/initrd/fdt images */
 
-/* Allow for arch specific config before we boot */
-static void __arch_preboot_os(void)
-{
-	/* please define platform specific arch_preboot_os() */
-}
-void arch_preboot_os(void) __attribute__((weak, alias("__arch_preboot_os")));
-
-#define IH_INITRD_ARCH IH_ARCH_DEFAULT
-
-#ifdef CONFIG_LMB
-static void boot_start_lmb(bootm_headers_t *images)
-{
-	ulong		mem_start;
-	phys_size_t	mem_size;
-
-	lmb_init(&images->lmb);
-
-	mem_start = getenv_bootm_low();
-	mem_size = getenv_bootm_size();
-
-	lmb_add(&images->lmb, (phys_addr_t)mem_start, mem_size);
-
-	arch_lmb_reserve(&images->lmb);
-	board_lmb_reserve(&images->lmb);
-}
-#else
-#define lmb_reserve(lmb, base, size)
-static inline void boot_start_lmb(bootm_headers_t *images) { }
-#endif
-
-static int bootm_start(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
-{
-	memset((void *)&images, 0, sizeof(images));
-	images.verify = getenv_yesno("verify");
-
-	boot_start_lmb(&images);
-
-	bootstage_mark_name(BOOTSTAGE_ID_BOOTM_START, "bootm_start");
-	images.state = BOOTM_STATE_START;
-
-	return 0;
-}
-
-static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc,
-			 char * const argv[])
-{
-	const void *os_hdr;
-	bool ep_found = false;
-
-	/* get kernel image header, start address and length */
-	os_hdr = boot_get_kernel(cmdtp, flag, argc, argv,
-			&images, &images.os.image_start, &images.os.image_len);
-	if (images.os.image_len == 0) {
-		puts("ERROR: can't get kernel image!\n");
-		return 1;
-	}
-
-	/* get image parameters */
-	switch (genimg_get_format(os_hdr)) {
-#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
-	case IMAGE_FORMAT_LEGACY:
-		images.os.type = image_get_type(os_hdr);
-		images.os.comp = image_get_comp(os_hdr);
-		images.os.os = image_get_os(os_hdr);
-
-		images.os.end = image_get_image_end(os_hdr);
-		images.os.load = image_get_load(os_hdr);
-		break;
-#endif
-#if defined(CONFIG_FIT)
-	case IMAGE_FORMAT_FIT:
-		if (fit_image_get_type(images.fit_hdr_os,
-					images.fit_noffset_os, &images.os.type)) {
-			puts("Can't get image type!\n");
-			bootstage_error(BOOTSTAGE_ID_FIT_TYPE);
-			return 1;
-		}
-
-		if (fit_image_get_comp(images.fit_hdr_os,
-					images.fit_noffset_os, &images.os.comp)) {
-			puts("Can't get image compression!\n");
-			bootstage_error(BOOTSTAGE_ID_FIT_COMPRESSION);
-			return 1;
-		}
-
-		if (fit_image_get_os(images.fit_hdr_os,
-					images.fit_noffset_os, &images.os.os)) {
-			puts("Can't get image OS!\n");
-			bootstage_error(BOOTSTAGE_ID_FIT_OS);
-			return 1;
-		}
-
-		images.os.end = fit_get_end(images.fit_hdr_os);
-
-		if (fit_image_get_load(images.fit_hdr_os, images.fit_noffset_os,
-					&images.os.load)) {
-			puts("Can't get image load address!\n");
-			bootstage_error(BOOTSTAGE_ID_FIT_LOADADDR);
-			return 1;
-		}
-		break;
-#endif
-#ifdef CONFIG_ANDROID_BOOT_IMAGE
-	case IMAGE_FORMAT_ANDROID:
-		images.os.type = IH_TYPE_KERNEL;
-		images.os.comp = IH_COMP_NONE;
-		images.os.os = IH_OS_LINUX;
-		images.ep = images.os.load;
-		ep_found = true;
-
-		images.os.end = android_image_get_end(os_hdr);
-		images.os.load = android_image_get_kload(os_hdr);
-		break;
-#endif
-	default:
-		puts("ERROR: unknown image format type!\n");
-		return 1;
-	}
-
-	/* find kernel entry point */
-	if (images.legacy_hdr_valid) {
-		images.ep = image_get_ep(&images.legacy_hdr_os_copy);
-#if defined(CONFIG_FIT)
-	} else if (images.fit_uname_os) {
-		int ret;
-
-		ret = fit_image_get_entry(images.fit_hdr_os,
-					  images.fit_noffset_os, &images.ep);
-		if (ret) {
-			puts("Can't get entry point property!\n");
-			return 1;
-		}
-#endif
-	} else if (!ep_found) {
-		puts("Could not find kernel entry point!\n");
-		return 1;
-	}
-
-	if (images.os.type == IH_TYPE_KERNEL_NOLOAD) {
-		images.os.load = images.os.image_start;
-		images.ep += images.os.load;
-	}
-
-	images.os.start = (ulong)os_hdr;
-
-	return 0;
-}
-
-static int bootm_find_ramdisk(int flag, int argc, char * const argv[])
-{
-	int ret;
-
-	/* find ramdisk */
-	ret = boot_get_ramdisk(argc, argv, &images, IH_INITRD_ARCH,
-			       &images.rd_start, &images.rd_end);
-	if (ret) {
-		puts("Ramdisk image is corrupt or invalid\n");
-		return 1;
-	}
-
-	return 0;
-}
-
-#if defined(CONFIG_OF_LIBFDT)
-static int bootm_find_fdt(int flag, int argc, char * const argv[])
-{
-	int ret;
-
-	/* find flattened device tree */
-	ret = boot_get_fdt(flag, argc, argv, IH_ARCH_DEFAULT, &images,
-			   &images.ft_addr, &images.ft_len);
-	if (ret) {
-		puts("Could not find a valid device tree\n");
-		return 1;
-	}
-
-	set_working_fdt_addr(images.ft_addr);
-
-	return 0;
-}
-#endif
-
-static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
-			    char * const argv[])
-{
-	if (((images.os.type == IH_TYPE_KERNEL) ||
-	     (images.os.type == IH_TYPE_KERNEL_NOLOAD) ||
-	     (images.os.type == IH_TYPE_MULTI)) &&
-	    (images.os.os == IH_OS_LINUX ||
-		 images.os.os == IH_OS_VXWORKS)) {
-		if (bootm_find_ramdisk(flag, argc, argv))
-			return 1;
-
-#if defined(CONFIG_OF_LIBFDT)
-		if (bootm_find_fdt(flag, argc, argv))
-			return 1;
-#endif
-	}
-
-	return 0;
-}
-
-#define BOOTM_ERR_RESET		-1
-#define BOOTM_ERR_OVERLAP	-2
-#define BOOTM_ERR_UNIMPLEMENTED	-3
-static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
-		int boot_progress)
-{
-	image_info_t os = images->os;
-	uint8_t comp = os.comp;
-	ulong load = os.load;
-	ulong blob_start = os.start;
-	ulong blob_end = os.end;
-	ulong image_start = os.image_start;
-	ulong image_len = os.image_len;
-	__maybe_unused uint unc_len = CONFIG_SYS_BOOTM_LEN;
-	int no_overlap = 0;
-	void *load_buf, *image_buf;
-#if defined(CONFIG_LZMA) || defined(CONFIG_LZO)
-	int ret;
-#endif /* defined(CONFIG_LZMA) || defined(CONFIG_LZO) */
-
-	const char *type_name = genimg_get_type_name(os.type);
-
-	load_buf = map_sysmem(load, unc_len);
-	image_buf = map_sysmem(image_start, image_len);
-	switch (comp) {
-	case IH_COMP_NONE:
-		if (load == image_start) {
-			printf("   XIP %s ... ", type_name);
-			no_overlap = 1;
-		} else {
-			printf("   Loading %s ... ", type_name);
-			memmove_wd(load_buf, image_buf, image_len, CHUNKSZ);
-		}
-		*load_end = load + image_len;
-		break;
-#ifdef CONFIG_GZIP
-	case IH_COMP_GZIP:
-		printf("   Uncompressing %s ... ", type_name);
-		if (gunzip(load_buf, unc_len, image_buf, &image_len) != 0) {
-			puts("GUNZIP: uncompress, out-of-mem or overwrite "
-				"error - must RESET board to recover\n");
-			if (boot_progress)
-				bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
-			return BOOTM_ERR_RESET;
-		}
-
-		*load_end = load + image_len;
-		break;
-#endif /* CONFIG_GZIP */
-#ifdef CONFIG_BZIP2
-	case IH_COMP_BZIP2:
-		printf("   Uncompressing %s ... ", type_name);
-		/*
-		 * If we've got less than 4 MB of malloc() space,
-		 * use slower decompression algorithm which requires
-		 * at most 2300 KB of memory.
-		 */
-		int i = BZ2_bzBuffToBuffDecompress(load_buf, &unc_len,
-			image_buf, image_len,
-			CONFIG_SYS_MALLOC_LEN < (4096 * 1024), 0);
-		if (i != BZ_OK) {
-			printf("BUNZIP2: uncompress or overwrite error %d "
-				"- must RESET board to recover\n", i);
-			if (boot_progress)
-				bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
-			return BOOTM_ERR_RESET;
-		}
-
-		*load_end = load + unc_len;
-		break;
-#endif /* CONFIG_BZIP2 */
-#ifdef CONFIG_LZMA
-	case IH_COMP_LZMA: {
-		SizeT lzma_len = unc_len;
-		printf("   Uncompressing %s ... ", type_name);
-
-		ret = lzmaBuffToBuffDecompress(load_buf, &lzma_len,
-					       image_buf, image_len);
-		unc_len = lzma_len;
-		if (ret != SZ_OK) {
-			printf("LZMA: uncompress or overwrite error %d "
-				"- must RESET board to recover\n", ret);
-			bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
-			return BOOTM_ERR_RESET;
-		}
-		*load_end = load + unc_len;
-		break;
-	}
-#endif /* CONFIG_LZMA */
-#ifdef CONFIG_LZO
-	case IH_COMP_LZO: {
-		size_t size = unc_len;
-
-		printf("   Uncompressing %s ... ", type_name);
-
-		ret = lzop_decompress(image_buf, image_len, load_buf, &size);
-		if (ret != LZO_E_OK) {
-			printf("LZO: uncompress or overwrite error %d "
-			      "- must RESET board to recover\n", ret);
-			if (boot_progress)
-				bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
-			return BOOTM_ERR_RESET;
-		}
-
-		*load_end = load + size;
-		break;
-	}
-#endif /* CONFIG_LZO */
-	default:
-		printf("Unimplemented compression type %d\n", comp);
-		return BOOTM_ERR_UNIMPLEMENTED;
-	}
-
-	flush_cache(load, (*load_end - load) * sizeof(ulong));
-
-	puts("OK\n");
-	debug("   kernel loaded@0x%08lx, end = 0x%08lx\n", load, *load_end);
-	bootstage_mark(BOOTSTAGE_ID_KERNEL_LOADED);
-
-	if (!no_overlap && (load < blob_end) && (*load_end > blob_start)) {
-		debug("images.os.start = 0x%lX, images.os.end = 0x%lx\n",
-			blob_start, blob_end);
-		debug("images.os.load = 0x%lx, load_end = 0x%lx\n", load,
-			*load_end);
-
-		/* Check what type of image this is. */
-		if (images->legacy_hdr_valid) {
-			if (image_get_type(&images->legacy_hdr_os_copy)
-					== IH_TYPE_MULTI)
-				puts("WARNING: legacy format multi component image overwritten\n");
-			return BOOTM_ERR_OVERLAP;
-		} else {
-			puts("ERROR: new format image overwritten - must RESET the board to recover\n");
-			bootstage_error(BOOTSTAGE_ID_OVERWRITTEN);
-			return BOOTM_ERR_RESET;
-		}
-	}
-
-	return 0;
-}
-
-static int do_bootm_standalone(int flag, int argc, char * const argv[],
-			       bootm_headers_t *images)
-{
-	char  *s;
-	int   (*appl)(int, char * const []);
-
-	/* Don't start if "autostart" is set to "no" */
-	if (((s = getenv("autostart")) != NULL) && (strcmp(s, "no") == 0)) {
-		setenv_hex("filesize", images->os.image_len);
-		return 0;
-	}
-	appl = (int (*)(int, char * const []))images->ep;
-	appl(argc, argv);
-	return 0;
-}
-
 /* we overload the cmd field with our state machine info instead of a
  * function pointer */
 static cmd_tbl_t cmd_bootm_sub[] = {
@@ -548,210 +58,6 @@ static cmd_tbl_t cmd_bootm_sub[] = {
 	U_BOOT_CMD_MKENT(go, 0, 1, (void *)BOOTM_STATE_OS_GO, "", ""),
 };
 
-static int boot_selected_os(int argc, char * const argv[], int state,
-		bootm_headers_t *images, boot_os_fn *boot_fn)
-{
-	arch_preboot_os();
-	boot_fn(state, argc, argv, images);
-
-	/* Stand-alone may return when 'autostart' is 'no' */
-	if (images->os.type == IH_TYPE_STANDALONE ||
-	    state == BOOTM_STATE_OS_FAKE_GO) /* We expect to return */
-		return 0;
-	bootstage_error(BOOTSTAGE_ID_BOOT_OS_RETURNED);
-#ifdef DEBUG
-	puts("\n## Control returned to monitor - resetting...\n");
-#endif
-	return BOOTM_ERR_RESET;
-}
-
-/**
- * bootm_disable_interrupts() - Disable interrupts in preparation for load/boot
- *
- * @return interrupt flag (0 if interrupts were disabled, non-zero if they were
- *	enabled)
- */
-static ulong bootm_disable_interrupts(void)
-{
-	ulong iflag;
-
-	/*
-	 * We have reached the point of no return: we are going to
-	 * overwrite all exception vector code, so we cannot easily
-	 * recover from any failures any more...
-	 */
-	iflag = disable_interrupts();
-#ifdef CONFIG_NETCONSOLE
-	/* Stop the ethernet stack if NetConsole could have left it up */
-	eth_halt();
-	eth_unregister(eth_get_dev());
-#endif
-
-#if defined(CONFIG_CMD_USB)
-	/*
-	 * turn off USB to prevent the host controller from writing to the
-	 * SDRAM while Linux is booting. This could happen (at least for OHCI
-	 * controller), because the HCCA (Host Controller Communication Area)
-	 * lies within the SDRAM and the host controller writes continously to
-	 * this area (as busmaster!). The HccaFrameNumber is for example
-	 * updated every 1 ms within the HCCA structure in SDRAM! For more
-	 * details see the OpenHCI specification.
-	 */
-	usb_stop();
-#endif
-	return iflag;
-}
-
-/**
- * Execute selected states of the bootm command.
- *
- * Note the arguments to this state must be the first argument, Any 'bootm'
- * or sub-command arguments must have already been taken.
- *
- * Note that if states contains more than one flag it MUST contain
- * BOOTM_STATE_START, since this handles and consumes the command line args.
- *
- * Also note that aside from boot_os_fn functions and bootm_load_os no other
- * functions we store the return value of in 'ret' may use a negative return
- * value, without special handling.
- *
- * @param cmdtp		Pointer to bootm command table entry
- * @param flag		Command flags (CMD_FLAG_...)
- * @param argc		Number of subcommand arguments (0 = no arguments)
- * @param argv		Arguments
- * @param states	Mask containing states to run (BOOTM_STATE_...)
- * @param images	Image header information
- * @param boot_progress 1 to show boot progress, 0 to not do this
- * @return 0 if ok, something else on error. Some errors will cause this
- *	function to perform a reboot! If states contains BOOTM_STATE_OS_GO
- *	then the intent is to boot an OS, so this function will not return
- *	unless the image type is standalone.
- */
-static int do_bootm_states(cmd_tbl_t *cmdtp, int flag, int argc,
-		char * const argv[], int states, bootm_headers_t *images,
-		int boot_progress)
-{
-	boot_os_fn *boot_fn;
-	ulong iflag = 0;
-	int ret = 0, need_boot_fn;
-
-	images->state |= states;
-
-	/*
-	 * Work through the states and see how far we get. We stop on
-	 * any error.
-	 */
-	if (states & BOOTM_STATE_START)
-		ret = bootm_start(cmdtp, flag, argc, argv);
-
-	if (!ret && (states & BOOTM_STATE_FINDOS))
-		ret = bootm_find_os(cmdtp, flag, argc, argv);
-
-	if (!ret && (states & BOOTM_STATE_FINDOTHER)) {
-		ret = bootm_find_other(cmdtp, flag, argc, argv);
-		argc = 0;	/* consume the args */
-	}
-
-	/* Load the OS */
-	if (!ret && (states & BOOTM_STATE_LOADOS)) {
-		ulong load_end;
-
-		iflag = bootm_disable_interrupts();
-		ret = bootm_load_os(images, &load_end, 0);
-		if (ret == 0)
-			lmb_reserve(&images->lmb, images->os.load,
-				    (load_end - images->os.load));
-		else if (ret && ret != BOOTM_ERR_OVERLAP)
-			goto err;
-		else if (ret == BOOTM_ERR_OVERLAP)
-			ret = 0;
-#if defined(CONFIG_SILENT_CONSOLE) && !defined(CONFIG_SILENT_U_BOOT_ONLY)
-		if (images->os.os == IH_OS_LINUX)
-			fixup_silent_linux();
-#endif
-	}
-
-	/* Relocate the ramdisk */
-#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
-	if (!ret && (states & BOOTM_STATE_RAMDISK)) {
-		ulong rd_len = images->rd_end - images->rd_start;
-
-		ret = boot_ramdisk_high(&images->lmb, images->rd_start,
-			rd_len, &images->initrd_start, &images->initrd_end);
-		if (!ret) {
-			setenv_hex("initrd_start", images->initrd_start);
-			setenv_hex("initrd_end", images->initrd_end);
-		}
-	}
-#endif
-#if defined(CONFIG_OF_LIBFDT) && defined(CONFIG_LMB)
-	if (!ret && (states & BOOTM_STATE_FDT)) {
-		boot_fdt_add_mem_rsv_regions(&images->lmb, images->ft_addr);
-		ret = boot_relocate_fdt(&images->lmb, &images->ft_addr,
-					&images->ft_len);
-	}
-#endif
-
-	/* From now on, we need the OS boot function */
-	if (ret)
-		return ret;
-	boot_fn = boot_os[images->os.os];
-	need_boot_fn = states & (BOOTM_STATE_OS_CMDLINE |
-			BOOTM_STATE_OS_BD_T | BOOTM_STATE_OS_PREP |
-			BOOTM_STATE_OS_FAKE_GO | BOOTM_STATE_OS_GO);
-	if (boot_fn == NULL && need_boot_fn) {
-		if (iflag)
-			enable_interrupts();
-		printf("ERROR: booting os '%s' (%d) is not supported\n",
-		       genimg_get_os_name(images->os.os), images->os.os);
-		bootstage_error(BOOTSTAGE_ID_CHECK_BOOT_OS);
-		return 1;
-	}
-
-	/* Call various other states that are not generally used */
-	if (!ret && (states & BOOTM_STATE_OS_CMDLINE))
-		ret = boot_fn(BOOTM_STATE_OS_CMDLINE, argc, argv, images);
-	if (!ret && (states & BOOTM_STATE_OS_BD_T))
-		ret = boot_fn(BOOTM_STATE_OS_BD_T, argc, argv, images);
-	if (!ret && (states & BOOTM_STATE_OS_PREP))
-		ret = boot_fn(BOOTM_STATE_OS_PREP, argc, argv, images);
-
-#ifdef CONFIG_TRACE
-	/* Pretend to run the OS, then run a user command */
-	if (!ret && (states & BOOTM_STATE_OS_FAKE_GO)) {
-		char *cmd_list = getenv("fakegocmd");
-
-		ret = boot_selected_os(argc, argv, BOOTM_STATE_OS_FAKE_GO,
-				images, boot_fn);
-		if (!ret && cmd_list)
-			ret = run_command_list(cmd_list, -1, flag);
-	}
-#endif
-
-	/* Check for unsupported subcommand. */
-	if (ret) {
-		puts("subcommand not supported\n");
-		return ret;
-	}
-
-	/* Now run the OS! We hope this doesn't return */
-	if (!ret && (states & BOOTM_STATE_OS_GO))
-		ret = boot_selected_os(argc, argv, BOOTM_STATE_OS_GO,
-				images, boot_fn);
-
-	/* Deal with any fallout */
-err:
-	if (iflag)
-		enable_interrupts();
-
-	if (ret == BOOTM_ERR_UNIMPLEMENTED)
-		bootstage_error(BOOTSTAGE_ID_DECOMP_UNIMPL);
-	else if (ret == BOOTM_ERR_RESET)
-		do_reset(cmdtp, flag, argc, argv);
-
-	return ret;
-}
-
 static int do_bootm_subcommand(cmd_tbl_t *cmdtp, int flag, int argc,
 			char * const argv[])
 {
@@ -793,11 +99,6 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 	if (!relocated) {
 		int i;
 
-		/* relocate boot function table */
-		for (i = 0; i < ARRAY_SIZE(boot_os); i++)
-			if (boot_os[i] != NULL)
-				boot_os[i] += gd->reloc_off;
-
 		/* relocate names of sub-command table */
 		for (i = 0; i < ARRAY_SIZE(cmd_bootm_sub); i++)
 			cmd_bootm_sub[i].name += gd->reloc_off;
@@ -849,196 +150,6 @@ int bootm_maybe_autostart(cmd_tbl_t *cmdtp, const char *cmd)
 	return 0;
 }
 
-#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
-/**
- * image_get_kernel - verify legacy format kernel image
- * @img_addr: in RAM address of the legacy format image to be verified
- * @verify: data CRC verification flag
- *
- * image_get_kernel() verifies legacy image integrity and returns pointer to
- * legacy image header if image verification was completed successfully.
- *
- * returns:
- *     pointer to a legacy image header if valid image was found
- *     otherwise return NULL
- */
-static image_header_t *image_get_kernel(ulong img_addr, int verify)
-{
-	image_header_t *hdr = (image_header_t *)img_addr;
-
-	if (!image_check_magic(hdr)) {
-		puts("Bad Magic Number\n");
-		bootstage_error(BOOTSTAGE_ID_CHECK_MAGIC);
-		return NULL;
-	}
-	bootstage_mark(BOOTSTAGE_ID_CHECK_HEADER);
-
-	if (!image_check_hcrc(hdr)) {
-		puts("Bad Header Checksum\n");
-		bootstage_error(BOOTSTAGE_ID_CHECK_HEADER);
-		return NULL;
-	}
-
-	bootstage_mark(BOOTSTAGE_ID_CHECK_CHECKSUM);
-	image_print_contents(hdr);
-
-	if (verify) {
-		puts("   Verifying Checksum ... ");
-		if (!image_check_dcrc(hdr)) {
-			printf("Bad Data CRC\n");
-			bootstage_error(BOOTSTAGE_ID_CHECK_CHECKSUM);
-			return NULL;
-		}
-		puts("OK\n");
-	}
-	bootstage_mark(BOOTSTAGE_ID_CHECK_ARCH);
-
-	if (!image_check_target_arch(hdr)) {
-		printf("Unsupported Architecture 0x%x\n", image_get_arch(hdr));
-		bootstage_error(BOOTSTAGE_ID_CHECK_ARCH);
-		return NULL;
-	}
-	return hdr;
-}
-#endif
-
-/**
- * boot_get_kernel - find kernel image
- * @os_data: pointer to a ulong variable, will hold os data start address
- * @os_len: pointer to a ulong variable, will hold os data length
- *
- * boot_get_kernel() tries to find a kernel image, verifies its integrity
- * and locates kernel data.
- *
- * returns:
- *     pointer to image header if valid image was found, plus kernel start
- *     address and length, otherwise NULL
- */
-static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
-		char * const argv[], bootm_headers_t *images, ulong *os_data,
-		ulong *os_len)
-{
-#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
-	image_header_t	*hdr;
-#endif
-	ulong		img_addr;
-	const void *buf;
-#if defined(CONFIG_FIT)
-	const char	*fit_uname_config = NULL;
-	const char	*fit_uname_kernel = NULL;
-	int		os_noffset;
-#endif
-
-	/* find out kernel image address */
-	if (argc < 1) {
-		img_addr = load_addr;
-		debug("*  kernel: default image load address = 0x%08lx\n",
-				load_addr);
-#if defined(CONFIG_FIT)
-	} else if (fit_parse_conf(argv[0], load_addr, &img_addr,
-							&fit_uname_config)) {
-		debug("*  kernel: config '%s' from image at 0x%08lx\n",
-				fit_uname_config, img_addr);
-	} else if (fit_parse_subimage(argv[0], load_addr, &img_addr,
-							&fit_uname_kernel)) {
-		debug("*  kernel: subimage '%s' from image at 0x%08lx\n",
-				fit_uname_kernel, img_addr);
-#endif
-	} else {
-		img_addr = simple_strtoul(argv[0], NULL, 16);
-		debug("*  kernel: cmdline image address = 0x%08lx\n", img_addr);
-	}
-
-	bootstage_mark(BOOTSTAGE_ID_CHECK_MAGIC);
-
-	/* copy from dataflash if needed */
-	img_addr = genimg_get_image(img_addr);
-
-	/* check image type, for FIT images get FIT kernel node */
-	*os_data = *os_len = 0;
-	buf = map_sysmem(img_addr, 0);
-	switch (genimg_get_format(buf)) {
-#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
-	case IMAGE_FORMAT_LEGACY:
-		printf("## Booting kernel from Legacy Image@%08lx ...\n",
-				img_addr);
-		hdr = image_get_kernel(img_addr, images->verify);
-		if (!hdr)
-			return NULL;
-		bootstage_mark(BOOTSTAGE_ID_CHECK_IMAGETYPE);
-
-		/* get os_data and os_len */
-		switch (image_get_type(hdr)) {
-		case IH_TYPE_KERNEL:
-		case IH_TYPE_KERNEL_NOLOAD:
-			*os_data = image_get_data(hdr);
-			*os_len = image_get_data_size(hdr);
-			break;
-		case IH_TYPE_MULTI:
-			image_multi_getimg(hdr, 0, os_data, os_len);
-			break;
-		case IH_TYPE_STANDALONE:
-			*os_data = image_get_data(hdr);
-			*os_len = image_get_data_size(hdr);
-			break;
-		default:
-			printf("Wrong Image Type for %s command\n",
-				cmdtp->name);
-			bootstage_error(BOOTSTAGE_ID_CHECK_IMAGETYPE);
-			return NULL;
-		}
-
-		/*
-		 * copy image header to allow for image overwrites during
-		 * kernel decompression.
-		 */
-		memmove(&images->legacy_hdr_os_copy, hdr,
-			sizeof(image_header_t));
-
-		/* save pointer to image header */
-		images->legacy_hdr_os = hdr;
-
-		images->legacy_hdr_valid = 1;
-		bootstage_mark(BOOTSTAGE_ID_DECOMP_IMAGE);
-		break;
-#endif
-#if defined(CONFIG_FIT)
-	case IMAGE_FORMAT_FIT:
-		os_noffset = fit_image_load(images, FIT_KERNEL_PROP,
-				img_addr,
-				&fit_uname_kernel, &fit_uname_config,
-				IH_ARCH_DEFAULT, IH_TYPE_KERNEL,
-				BOOTSTAGE_ID_FIT_KERNEL_START,
-				FIT_LOAD_IGNORED, os_data, os_len);
-		if (os_noffset < 0)
-			return NULL;
-
-		images->fit_hdr_os = map_sysmem(img_addr, 0);
-		images->fit_uname_os = fit_uname_kernel;
-		images->fit_uname_cfg = fit_uname_config;
-		images->fit_noffset_os = os_noffset;
-		break;
-#endif
-#ifdef CONFIG_ANDROID_BOOT_IMAGE
-	case IMAGE_FORMAT_ANDROID:
-		printf("## Booting Android Image at 0x%08lx ...\n", img_addr);
-		if (android_image_get_kernel((void *)img_addr, images->verify,
-					     os_data, os_len))
-			return NULL;
-		break;
-#endif
-	default:
-		printf("Wrong Image Format for %s command\n", cmdtp->name);
-		bootstage_error(BOOTSTAGE_ID_FIT_KERNEL_INFO);
-		return NULL;
-	}
-
-	debug("   kernel data at 0x%08lx, len = 0x%08lx (%ld)\n",
-			*os_data, *os_len, *os_len);
-
-	return buf;
-}
-
 #ifdef CONFIG_SYS_LONGHELP
 static char bootm_help_text[] =
 	"[addr [arg ...]]\n    - boot application image stored in memory\n"
@@ -1420,441 +531,6 @@ U_BOOT_CMD(
 );
 #endif
 
-/*******************************************************************/
-/* helper routines */
-/*******************************************************************/
-#if defined(CONFIG_SILENT_CONSOLE) && !defined(CONFIG_SILENT_U_BOOT_ONLY)
-
-#define CONSOLE_ARG     "console="
-#define CONSOLE_ARG_LEN (sizeof(CONSOLE_ARG) - 1)
-
-static void fixup_silent_linux(void)
-{
-	char *buf;
-	const char *env_val;
-	char *cmdline = getenv("bootargs");
-	int want_silent;
-
-	/*
-	 * Only fix cmdline when requested. The environment variable can be:
-	 *
-	 *	no - we never fixup
-	 *	yes - we always fixup
-	 *	unset - we rely on the console silent flag
-	 */
-	want_silent = getenv_yesno("silent_linux");
-	if (want_silent == 0)
-		return;
-	else if (want_silent == -1 && !(gd->flags & GD_FLG_SILENT))
-		return;
-
-	debug("before silent fix-up: %s\n", cmdline);
-	if (cmdline && (cmdline[0] != '\0')) {
-		char *start = strstr(cmdline, CONSOLE_ARG);
-
-		/* Allocate space for maximum possible new command line */
-		buf = malloc(strlen(cmdline) + 1 + CONSOLE_ARG_LEN + 1);
-		if (!buf) {
-			debug("%s: out of memory\n", __func__);
-			return;
-		}
-
-		if (start) {
-			char *end = strchr(start, ' ');
-			int num_start_bytes = start - cmdline + CONSOLE_ARG_LEN;
-
-			strncpy(buf, cmdline, num_start_bytes);
-			if (end)
-				strcpy(buf + num_start_bytes, end);
-			else
-				buf[num_start_bytes] = '\0';
-		} else {
-			sprintf(buf, "%s %s", cmdline, CONSOLE_ARG);
-		}
-		env_val = buf;
-	} else {
-		buf = NULL;
-		env_val = CONSOLE_ARG;
-	}
-
-	setenv("bootargs", env_val);
-	debug("after silent fix-up: %s\n", env_val);
-	free(buf);
-}
-#endif /* CONFIG_SILENT_CONSOLE */
-
-#if defined(CONFIG_BOOTM_NETBSD) || defined(CONFIG_BOOTM_PLAN9)
-static void copy_args(char *dest, int argc, char * const argv[], char delim)
-{
-	int i;
-
-	for (i = 0; i < argc; i++) {
-		if (i > 0)
-			*dest++ = delim;
-		strcpy(dest, argv[i]);
-		dest += strlen(argv[i]);
-	}
-}
-#endif
-
-/*******************************************************************/
-/* OS booting routines */
-/*******************************************************************/
-
-#ifdef CONFIG_BOOTM_NETBSD
-static int do_bootm_netbsd(int flag, int argc, char * const argv[],
-			    bootm_headers_t *images)
-{
-	void (*loader)(bd_t *, image_header_t *, char *, char *);
-	image_header_t *os_hdr, *hdr;
-	ulong kernel_data, kernel_len;
-	char *consdev;
-	char *cmdline;
-
-	if (flag != BOOTM_STATE_OS_GO)
-		return 0;
-
-#if defined(CONFIG_FIT)
-	if (!images->legacy_hdr_valid) {
-		fit_unsupported_reset("NetBSD");
-		return 1;
-	}
-#endif
-	hdr = images->legacy_hdr_os;
-
-	/*
-	 * Booting a (NetBSD) kernel image
-	 *
-	 * This process is pretty similar to a standalone application:
-	 * The (first part of an multi-) image must be a stage-2 loader,
-	 * which in turn is responsible for loading & invoking the actual
-	 * kernel.  The only differences are the parameters being passed:
-	 * besides the board info strucure, the loader expects a command
-	 * line, the name of the console device, and (optionally) the
-	 * address of the original image header.
-	 */
-	os_hdr = NULL;
-	if (image_check_type(&images->legacy_hdr_os_copy, IH_TYPE_MULTI)) {
-		image_multi_getimg(hdr, 1, &kernel_data, &kernel_len);
-		if (kernel_len)
-			os_hdr = hdr;
-	}
-
-	consdev = "";
-#if   defined(CONFIG_8xx_CONS_SMC1)
-	consdev = "smc1";
-#elif defined(CONFIG_8xx_CONS_SMC2)
-	consdev = "smc2";
-#elif defined(CONFIG_8xx_CONS_SCC2)
-	consdev = "scc2";
-#elif defined(CONFIG_8xx_CONS_SCC3)
-	consdev = "scc3";
-#endif
-
-	if (argc > 0) {
-		ulong len;
-		int   i;
-
-		for (i = 0, len = 0; i < argc; i += 1)
-			len += strlen(argv[i]) + 1;
-		cmdline = malloc(len);
-		copy_args(cmdline, argc, argv, ' ');
-	} else if ((cmdline = getenv("bootargs")) == NULL) {
-		cmdline = "";
-	}
-
-	loader = (void (*)(bd_t *, image_header_t *, char *, char *))images->ep;
-
-	printf("## Transferring control to NetBSD stage-2 loader "
-		"(at address %08lx) ...\n",
-		(ulong)loader);
-
-	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
-
-	/*
-	 * NetBSD Stage-2 Loader Parameters:
-	 *   arg[0]: pointer to board info data
-	 *   arg[1]: image load address
-	 *   arg[2]: char pointer to the console device to use
-	 *   arg[3]: char pointer to the boot arguments
-	 */
-	(*loader)(gd->bd, os_hdr, consdev, cmdline);
-
-	return 1;
-}
-#endif /* CONFIG_BOOTM_NETBSD*/
-
-#ifdef CONFIG_LYNXKDI
-static int do_bootm_lynxkdi(int flag, int argc, char * const argv[],
-			     bootm_headers_t *images)
-{
-	image_header_t *hdr = &images->legacy_hdr_os_copy;
-
-	if (flag != BOOTM_STATE_OS_GO)
-		return 0;
-
-#if defined(CONFIG_FIT)
-	if (!images->legacy_hdr_valid) {
-		fit_unsupported_reset("Lynx");
-		return 1;
-	}
-#endif
-
-	lynxkdi_boot((image_header_t *)hdr);
-
-	return 1;
-}
-#endif /* CONFIG_LYNXKDI */
-
-#ifdef CONFIG_BOOTM_RTEMS
-static int do_bootm_rtems(int flag, int argc, char * const argv[],
-			   bootm_headers_t *images)
-{
-	void (*entry_point)(bd_t *);
-
-	if (flag != BOOTM_STATE_OS_GO)
-		return 0;
-
-#if defined(CONFIG_FIT)
-	if (!images->legacy_hdr_valid) {
-		fit_unsupported_reset("RTEMS");
-		return 1;
-	}
-#endif
-
-	entry_point = (void (*)(bd_t *))images->ep;
-
-	printf("## Transferring control to RTEMS (at address %08lx) ...\n",
-		(ulong)entry_point);
-
-	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
-
-	/*
-	 * RTEMS Parameters:
-	 *   r3: ptr to board info data
-	 */
-	(*entry_point)(gd->bd);
-
-	return 1;
-}
-#endif /* CONFIG_BOOTM_RTEMS */
-
-#if defined(CONFIG_BOOTM_OSE)
-static int do_bootm_ose(int flag, int argc, char * const argv[],
-			   bootm_headers_t *images)
-{
-	void (*entry_point)(void);
-
-	if (flag != BOOTM_STATE_OS_GO)
-		return 0;
-
-#if defined(CONFIG_FIT)
-	if (!images->legacy_hdr_valid) {
-		fit_unsupported_reset("OSE");
-		return 1;
-	}
-#endif
-
-	entry_point = (void (*)(void))images->ep;
-
-	printf("## Transferring control to OSE (at address %08lx) ...\n",
-		(ulong)entry_point);
-
-	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
-
-	/*
-	 * OSE Parameters:
-	 *   None
-	 */
-	(*entry_point)();
-
-	return 1;
-}
-#endif /* CONFIG_BOOTM_OSE */
-
-#if defined(CONFIG_BOOTM_PLAN9)
-static int do_bootm_plan9(int flag, int argc, char * const argv[],
-			   bootm_headers_t *images)
-{
-	void (*entry_point)(void);
-	char *s;
-
-	if (flag != BOOTM_STATE_OS_GO)
-		return 0;
-
-#if defined(CONFIG_FIT)
-	if (!images->legacy_hdr_valid) {
-		fit_unsupported_reset("Plan 9");
-		return 1;
-	}
-#endif
-
-	/* See README.plan9 */
-	s = getenv("confaddr");
-	if (s != NULL) {
-		char *confaddr = (char *)simple_strtoul(s, NULL, 16);
-
-		if (argc > 0) {
-			copy_args(confaddr, argc, argv, '\n');
-		} else {
-			s = getenv("bootargs");
-			if (s != NULL)
-				strcpy(confaddr, s);
-		}
-	}
-
-	entry_point = (void (*)(void))images->ep;
-
-	printf("## Transferring control to Plan 9 (at address %08lx) ...\n",
-		(ulong)entry_point);
-
-	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
-
-	/*
-	 * Plan 9 Parameters:
-	 *   None
-	 */
-	(*entry_point)();
-
-	return 1;
-}
-#endif /* CONFIG_BOOTM_PLAN9 */
-
-#if defined(CONFIG_BOOTM_VXWORKS) && \
-	(defined(CONFIG_PPC) || defined(CONFIG_ARM))
-
-void do_bootvx_fdt(bootm_headers_t *images)
-{
-#if defined(CONFIG_OF_LIBFDT)
-	int ret;
-	char *bootline;
-	ulong of_size = images->ft_len;
-	char **of_flat_tree = &images->ft_addr;
-	struct lmb *lmb = &images->lmb;
-
-	if (*of_flat_tree) {
-		boot_fdt_add_mem_rsv_regions(lmb, *of_flat_tree);
-
-		ret = boot_relocate_fdt(lmb, of_flat_tree, &of_size);
-		if (ret)
-			return;
-
-		ret = fdt_add_subnode(*of_flat_tree, 0, "chosen");
-		if ((ret >= 0 || ret == -FDT_ERR_EXISTS)) {
-			bootline = getenv("bootargs");
-			if (bootline) {
-				ret = fdt_find_and_setprop(*of_flat_tree,
-						"/chosen", "bootargs",
-						bootline,
-						strlen(bootline) + 1, 1);
-				if (ret < 0) {
-					printf("## ERROR: %s : %s\n", __func__,
-					       fdt_strerror(ret));
-					return;
-				}
-			}
-		} else {
-			printf("## ERROR: %s : %s\n", __func__,
-			       fdt_strerror(ret));
-			return;
-		}
-	}
-#endif
-
-	boot_prep_vxworks(images);
-
-	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
-
-#if defined(CONFIG_OF_LIBFDT)
-	printf("## Starting vxWorks at 0x%08lx, device tree@0x%08lx ...\n",
-	       (ulong)images->ep, (ulong)*of_flat_tree);
-#else
-	printf("## Starting vxWorks at 0x%08lx\n", (ulong)images->ep);
-#endif
-
-	boot_jump_vxworks(images);
-
-	puts("## vxWorks terminated\n");
-}
-
-static int do_bootm_vxworks(int flag, int argc, char * const argv[],
-			     bootm_headers_t *images)
-{
-	if (flag != BOOTM_STATE_OS_GO)
-		return 0;
-
-#if defined(CONFIG_FIT)
-	if (!images->legacy_hdr_valid) {
-		fit_unsupported_reset("VxWorks");
-		return 1;
-	}
-#endif
-
-	do_bootvx_fdt(images);
-
-	return 1;
-}
-#endif
-
-#if defined(CONFIG_CMD_ELF)
-static int do_bootm_qnxelf(int flag, int argc, char * const argv[],
-			    bootm_headers_t *images)
-{
-	char *local_args[2];
-	char str[16];
-
-	if (flag != BOOTM_STATE_OS_GO)
-		return 0;
-
-#if defined(CONFIG_FIT)
-	if (!images->legacy_hdr_valid) {
-		fit_unsupported_reset("QNX");
-		return 1;
-	}
-#endif
-
-	sprintf(str, "%lx", images->ep); /* write entry-point into string */
-	local_args[0] = argv[0];
-	local_args[1] = str;	/* and provide it via the arguments */
-	do_bootelf(NULL, 0, 2, local_args);
-
-	return 1;
-}
-#endif
-
-#ifdef CONFIG_INTEGRITY
-static int do_bootm_integrity(int flag, int argc, char * const argv[],
-			   bootm_headers_t *images)
-{
-	void (*entry_point)(void);
-
-	if (flag != BOOTM_STATE_OS_GO)
-		return 0;
-
-#if defined(CONFIG_FIT)
-	if (!images->legacy_hdr_valid) {
-		fit_unsupported_reset("INTEGRITY");
-		return 1;
-	}
-#endif
-
-	entry_point = (void (*)(void))images->ep;
-
-	printf("## Transferring control to INTEGRITY (at address %08lx) ...\n",
-		(ulong)entry_point);
-
-	bootstage_mark(BOOTSTAGE_ID_RUN_OS);
-
-	/*
-	 * INTEGRITY Parameters:
-	 *   None
-	 */
-	(*entry_point)();
-
-	return 1;
-}
-#endif
-
 #ifdef CONFIG_CMD_BOOTZ
 
 int __weak bootz_setup(ulong image, ulong *start, ulong *end)
@@ -1898,14 +574,9 @@ static int bootz_start(cmd_tbl_t *cmdtp, int flag, int argc,
 	 * Handle the BOOTM_STATE_FINDOTHER state ourselves as we do not
 	 * have a header that provide this informaiton.
 	 */
-	if (bootm_find_ramdisk(flag, argc, argv))
+	if (bootm_find_ramdisk_fdt(flag, argc, argv))
 		return 1;
 
-#if defined(CONFIG_OF_LIBFDT)
-	if (bootm_find_fdt(flag, argc, argv))
-		return 1;
-#endif
-
 	return 0;
 }
 
diff --git a/include/bootm.h b/include/bootm.h
new file mode 100644
index 0000000..0a3ec56
--- /dev/null
+++ b/include/bootm.h
@@ -0,0 +1,55 @@
+/*
+ * (C) Copyright 2000-2009
+ * Wolfgang Denk, DENX Software Engineering, wd at denx.de.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#ifndef _BOOTM_H
+#define _BOOTM_H
+
+#include <command.h>
+#include <image.h>
+
+#define BOOTM_ERR_RESET		(-1)
+#define BOOTM_ERR_OVERLAP		(-2)
+#define BOOTM_ERR_UNIMPLEMENTED	(-3)
+
+/*
+ *  Continue booting an OS image; caller already has:
+ *  - copied image header to global variable `header'
+ *  - checked header magic number, checksums (both header & image),
+ *  - verified image architecture (PPC) and type (KERNEL or MULTI),
+ *  - loaded (first part of) image to header load address,
+ *  - disabled interrupts.
+ *
+ * @flag: Flags indicating what to do (BOOTM_STATE_...)
+ * @argc: Number of arguments. Note that the arguments are shifted down
+ *	 so that 0 is the first argument not processed by U-Boot, and
+ *	 argc is adjusted accordingly. This avoids confusion as to how
+ *	 many arguments are available for the OS.
+ * @images: Pointers to os/initrd/fdt
+ * @return 1 on error. On success the OS boots so this function does
+ * not return.
+ */
+typedef int boot_os_fn(int flag, int argc, char * const argv[],
+			bootm_headers_t *images);
+
+extern boot_os_fn do_bootm_linux;
+int do_bootelf(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]);
+void lynxkdi_boot(image_header_t *hdr);
+
+boot_os_fn *bootm_os_get_boot_func(int os);
+
+int boot_selected_os(int argc, char * const argv[], int state,
+		     bootm_headers_t *images, boot_os_fn *boot_fn);
+
+ulong bootm_disable_interrupts(void);
+
+/* This is a special function used by bootz */
+int bootm_find_ramdisk_fdt(int flag, int argc, char * const argv[]);
+
+int do_bootm_states(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[],
+		    int states, bootm_headers_t *images, int boot_progress);
+
+#endif
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 07/14] image: Remove the fit_load_image() property parameter

[Simon Glass]

This can be obtained by looking up the image type, so is redundant. It is
better to centralise this lookup to avoid errors.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 common/bootm.c     |  3 +--
 common/image-fdt.c |  1 -
 common/image-fit.c | 29 ++++++++++++++++++++++++++++-
 common/image.c     |  2 +-
 include/image.h    |  5 +++--
 5 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/common/bootm.c b/common/bootm.c
index 27a7f02..338f647 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -776,8 +776,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
 #endif
 #if defined(CONFIG_FIT)
 	case IMAGE_FORMAT_FIT:
-		os_noffset = fit_image_load(images, FIT_KERNEL_PROP,
-				img_addr,
+		os_noffset = fit_image_load(images, img_addr,
 				&fit_uname_kernel, &fit_uname_config,
 				IH_ARCH_DEFAULT, IH_TYPE_KERNEL,
 				BOOTSTAGE_ID_FIT_KERNEL_START,
diff --git a/common/image-fdt.c b/common/image-fdt.c
index ac4563f..6d4d13d 100644
--- a/common/image-fdt.c
+++ b/common/image-fdt.c
@@ -355,7 +355,6 @@ int boot_get_fdt(int flag, int argc, char * const argv[], uint8_t arch,
 				ulong load, len;
 
 				fdt_noffset = fit_image_load(images,
-					FIT_FDT_PROP,
 					fdt_addr, &fit_uname_fdt,
 					&fit_uname_config,
 					arch, IH_TYPE_FLATDT,
diff --git a/common/image-fit.c b/common/image-fit.c
index 40c7e27..c0d7b8c 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1477,7 +1477,32 @@ int fit_get_node_from_config(bootm_headers_t *images, const char *prop_name,
 	return noffset;
 }
 
-int fit_image_load(bootm_headers_t *images, const char *prop_name, ulong addr,
+/**
+ * fit_get_image_type_property() - get property name for IH_TYPE_...
+ *
+ * @return the properly name where we expect to find the image in the
+ * config node
+ */
+static const char *fit_get_image_type_property(int type)
+{
+	/*
+	 * This is sort-of available in the uimage_type[] table in image.c
+	 * but we don't have access to the sohrt name, and "fdt" is different
+	 * anyway. So let's just keep it here.
+	 */
+	switch (type) {
+	case IH_TYPE_FLATDT:
+		return FIT_FDT_PROP;
+	case IH_TYPE_KERNEL:
+		return FIT_KERNEL_PROP;
+	case IH_TYPE_RAMDISK:
+		return FIT_RAMDISK_PROP;
+	}
+
+	return "unknown";
+}
+
+int fit_image_load(bootm_headers_t *images, ulong addr,
 		   const char **fit_unamep, const char **fit_uname_configp,
 		   int arch, int image_type, int bootstage_id,
 		   enum fit_load_op load_op, ulong *datap, ulong *lenp)
@@ -1490,11 +1515,13 @@ int fit_image_load(bootm_headers_t *images, const char *prop_name, ulong addr,
 	size_t size;
 	int type_ok, os_ok;
 	ulong load, data, len;
+	const char *prop_name;
 	int ret;
 
 	fit = map_sysmem(addr, 0);
 	fit_uname = fit_unamep ? *fit_unamep : NULL;
 	fit_uname_config = fit_uname_configp ? *fit_uname_configp : NULL;
+	prop_name = fit_get_image_type_property(image_type);
 	printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr);
 
 	bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT);
diff --git a/common/image.c b/common/image.c
index f33b175..828b0af 100644
--- a/common/image.c
+++ b/common/image.c
@@ -903,7 +903,7 @@ int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
 #endif
 #if defined(CONFIG_FIT)
 		case IMAGE_FORMAT_FIT:
-			rd_noffset = fit_image_load(images, FIT_RAMDISK_PROP,
+			rd_noffset = fit_image_load(images,
 					rd_addr, &fit_uname_ramdisk,
 					&fit_uname_config, arch,
 					IH_TYPE_RAMDISK,
diff --git a/include/image.h b/include/image.h
index b71e4ba..ae767f0 100644
--- a/include/image.h
+++ b/include/image.h
@@ -434,8 +434,9 @@ int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
  * out progress messages, checking the type/arch/os and optionally copying it
  * to the right load address.
  *
+ * The property to look up is defined by image_type.
+ *
  * @param images	Boot images structure
- * @param prop_name	Property name to look up (FIT_..._PROP)
  * @param addr		Address of FIT in memory
  * @param fit_unamep	On entry this is the requested image name
  *			(e.g. "kernel at 1") or NULL to use the default. On exit
@@ -454,7 +455,7 @@ int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
  * @param datap		Returns address of loaded image
  * @param lenp		Returns length of loaded image
  */
-int fit_image_load(bootm_headers_t *images, const char *prop_name, ulong addr,
+int fit_image_load(bootm_headers_t *images, ulong addr,
 		   const char **fit_unamep, const char **fit_uname_configp,
 		   int arch, int image_type, int bootstage_id,
 		   enum fit_load_op load_op, ulong *datap, ulong *lenp);
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 08/14] bootm: Support android boot on sandbox

[Simon Glass]

A small change allows this to operate on sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 common/bootm.c            | 2 +-
 include/configs/sandbox.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/common/bootm.c b/common/bootm.c
index 338f647..1e66929 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -793,7 +793,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
 #ifdef CONFIG_ANDROID_BOOT_IMAGE
 	case IMAGE_FORMAT_ANDROID:
 		printf("## Booting Android Image at 0x%08lx ...\n", img_addr);
-		if (android_image_get_kernel((void *)img_addr, images->verify,
+		if (android_image_get_kernel(buf, images->verify,
 					     os_data, os_len))
 			return NULL;
 		break;
diff --git a/include/configs/sandbox.h b/include/configs/sandbox.h
index 6bb2546..a145094 100644
--- a/include/configs/sandbox.h
+++ b/include/configs/sandbox.h
@@ -41,6 +41,7 @@
 #define CONFIG_RSA
 #define CONFIG_CMD_FDT
 #define CONFIG_DEFAULT_DEVICE_TREE	sandbox
+#define CONFIG_ANDROID_BOOT_IMAGE
 
 #define CONFIG_FS_FAT
 #define CONFIG_FS_EXT4
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 09/14] Fix small 'case' typo in image-fit.c

[Simon Glass]

This typo makes the comment confusing. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 common/image-fit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index c0d7b8c..83fac9a 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1637,7 +1637,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
 
 	/*
 	 * Work-around for eldk-4.2 which gives this warning if we try to
-	 * case in the unmap_sysmem() call:
+	 * cast in the unmap_sysmem() call:
 	 * warning: initialization discards qualifiers from pointer target type
 	 */
 	{
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 10/14] Avoid including config.h in command.h

[Simon Glass]

This is not necessary and prevents using this header when building tools.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 include/command.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/include/command.h b/include/command.h
index d3f700f..6f06db1 100644
--- a/include/command.h
+++ b/include/command.h
@@ -11,7 +11,6 @@
 #ifndef __COMMAND_H
 #define __COMMAND_H
 
-#include <config.h>
 #include <linker_lists.h>
 
 #ifndef NULL
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 11/14] Allow compiling common/bootm.c on with HOSTCC

[Simon Glass]

We want to use some of the functionality in this file, so make it
build on the host.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 common/bootm.c | 18 ++++++++++++++----
 tools/Makefile |  1 +
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/common/bootm.c b/common/bootm.c
index 1e66929..d83dded 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -5,10 +5,10 @@
  * SPDX-License-Identifier:	GPL-2.0+
  */
 
+#ifndef USE_HOSTCC
 #include <common.h>
-#include <bootm.h>
+#include <bootstage.h>
 #include <bzlib.h>
-#include <image.h>
 #include <fdt_support.h>
 #include <lmb.h>
 #include <malloc.h>
@@ -17,12 +17,16 @@
 #include <lzma/LzmaTypes.h>
 #include <lzma/LzmaDec.h>
 #include <lzma/LzmaTools.h>
-
 #if defined(CONFIG_CMD_USB)
 #include <usb.h>
 #endif
+#else
+#include "mkimage.h"
+#endif
 
-DECLARE_GLOBAL_DATA_PTR;
+#include <command.h>
+#include <bootm.h>
+#include <image.h>
 
 #ifndef CONFIG_SYS_BOOTM_LEN
 /* use 8MByte as default max gunzip size */
@@ -31,6 +35,10 @@ DECLARE_GLOBAL_DATA_PTR;
 
 #define IH_INITRD_ARCH IH_ARCH_DEFAULT
 
+#ifndef USE_HOSTCC
+
+DECLARE_GLOBAL_DATA_PTR;
+
 static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
 				   char * const argv[], bootm_headers_t *images,
 				   ulong *os_data, ulong *os_len);
@@ -809,3 +817,5 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
 
 	return buf;
 }
+
+#endif /* ndef USE_HOSTCC */
diff --git a/tools/Makefile b/tools/Makefile
index 0088c1a..949b6c6 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -66,6 +66,7 @@ RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/rsa/, \
 dumpimage-mkimage-objs := aisimage.o \
 			atmelimage.o \
 			$(FIT_SIG_OBJS-y) \
+			common/bootm.o \
 			lib/crc32.o \
 			default_image.o \
 			lib/fdtdec.o \
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 12/14] bootm: Move decompression code into its own function

[Simon Glass]

This makes it possible to decompress an image without it being a kernel
and without intending to boot it (as it needed for host tools, for example).

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 common/bootm.c | 75 +++++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 48 insertions(+), 27 deletions(-)

diff --git a/common/bootm.c b/common/bootm.c
index d83dded..d93d3f3 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -245,32 +245,29 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
 	return 0;
 }
 
-static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
-			 int boot_progress)
+/**
+ * decomp_image() - decompress the operating system
+ *
+ * @comp:	Compression algorithm that is used (IH_COMP_...)
+ * @load:	Destination load address in U-Boot memory
+ * @image_start Image start address (where we are decompressing from)
+ * @type:	OS type (IH_OS_...)
+ * @load_bug:	Place to decompress to
+ * @image_buf:	Address to decompress from
+ * @return 0 if OK, -ve on error (BOOTM_ERR_...)
+ */
+static int decomp_image(int comp, ulong load, ulong image_start, int type,
+			void *load_buf, void *image_buf, ulong image_len,
+			ulong *load_end)
 {
-	image_info_t os = images->os;
-	uint8_t comp = os.comp;
-	ulong load = os.load;
-	ulong blob_start = os.start;
-	ulong blob_end = os.end;
-	ulong image_start = os.image_start;
-	ulong image_len = os.image_len;
-	__maybe_unused uint unc_len = CONFIG_SYS_BOOTM_LEN;
-	int no_overlap = 0;
-	void *load_buf, *image_buf;
-#if defined(CONFIG_LZMA) || defined(CONFIG_LZO)
-	int ret;
-#endif /* defined(CONFIG_LZMA) || defined(CONFIG_LZO) */
-
-	const char *type_name = genimg_get_type_name(os.type);
+	const char *type_name = genimg_get_type_name(type);
+	__attribute__((unused)) uint unc_len = CONFIG_SYS_BOOTM_LEN;
 
-	load_buf = map_sysmem(load, unc_len);
-	image_buf = map_sysmem(image_start, image_len);
+	*load_end = load;
 	switch (comp) {
 	case IH_COMP_NONE:
 		if (load == image_start) {
 			printf("   XIP %s ... ", type_name);
-			no_overlap = 1;
 		} else {
 			printf("   Loading %s ... ", type_name);
 			memmove_wd(load_buf, image_buf, image_len, CHUNKSZ);
@@ -282,8 +279,6 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
 		printf("   Uncompressing %s ... ", type_name);
 		if (gunzip(load_buf, unc_len, image_buf, &image_len) != 0) {
 			puts("GUNZIP: uncompress, out-of-mem or overwrite error - must RESET board to recover\n");
-			if (boot_progress)
-				bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
 			return BOOTM_ERR_RESET;
 		}
 
@@ -304,8 +299,6 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
 		if (i != BZ_OK) {
 			printf("BUNZIP2: uncompress or overwrite error %d - must RESET board to recover\n",
 			       i);
-			if (boot_progress)
-				bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
 			return BOOTM_ERR_RESET;
 		}
 
@@ -315,6 +308,8 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
 #ifdef CONFIG_LZMA
 	case IH_COMP_LZMA: {
 		SizeT lzma_len = unc_len;
+		int ret;
+
 		printf("   Uncompressing %s ... ", type_name);
 
 		ret = lzmaBuffToBuffDecompress(load_buf, &lzma_len,
@@ -333,6 +328,7 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
 #ifdef CONFIG_LZO
 	case IH_COMP_LZO: {
 		size_t size = unc_len;
+		int ret;
 
 		printf("   Uncompressing %s ... ", type_name);
 
@@ -340,8 +336,6 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
 		if (ret != LZO_E_OK) {
 			printf("LZO: uncompress or overwrite error %d - must RESET board to recover\n",
 			       ret);
-			if (boot_progress)
-				bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
 			return BOOTM_ERR_RESET;
 		}
 
@@ -354,12 +348,39 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
 		return BOOTM_ERR_UNIMPLEMENTED;
 	}
 
+	puts("OK\n");
+
+	return 0;
+}
+
+static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
+			 int boot_progress)
+{
+	image_info_t os = images->os;
+	ulong load = os.load;
+	ulong blob_start = os.start;
+	ulong blob_end = os.end;
+	ulong image_start = os.image_start;
+	ulong image_len = os.image_len;
+	bool no_overlap;
+	void *load_buf, *image_buf;
+	int err;
+
+	load_buf = map_sysmem(load, 0);
+	image_buf = map_sysmem(os.image_start, image_len);
+	err = decomp_image(os.comp, load, os.image_start, os.type, load_buf,
+			   image_buf, image_len, load_end);
+	if (err) {
+		bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE);
+		return err;
+	}
 	flush_cache(load, (*load_end - load) * sizeof(ulong));
 
-	puts("OK\n");
 	debug("   kernel loaded at 0x%08lx, end = 0x%08lx\n", load, *load_end);
 	bootstage_mark(BOOTSTAGE_ID_KERNEL_LOADED);
 
+	no_overlap = (os.comp == IH_COMP_NONE && load == image_start);
+
 	if (!no_overlap && (load < blob_end) && (*load_end > blob_start)) {
 		debug("images.os.start = 0x%lX, images.os.end = 0x%lx\n",
 		      blob_start, blob_end);
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 13/14] Enhance fit_check_sign to check all images

[Simon Glass]

At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.


Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
---

Changes in v2:
- Update test output in signature.txt

 common/bootm.c               | 71 ++++++++++++++++++++++++++++++++++++++++++++
 common/image-fit.c           |  3 +-
 doc/uImage.FIT/signature.txt |  3 ++
 include/bootm.h              |  2 ++
 include/image.h              |  5 +++-
 tools/fit_check_sign.c       |  7 +++--
 tools/image-host.c           | 12 ++++++--
 7 files changed, 96 insertions(+), 7 deletions(-)

diff --git a/common/bootm.c b/common/bootm.c
index d93d3f3..7ec2ed8 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -244,6 +244,7 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
 
 	return 0;
 }
+#endif /* USE_HOSTCC */
 
 /**
  * decomp_image() - decompress the operating system
@@ -353,6 +354,7 @@ static int decomp_image(int comp, ulong load, ulong image_start, int type,
 	return 0;
 }
 
+#ifndef USE_HOSTCC
 static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
 			 int boot_progress)
 {
@@ -838,5 +840,74 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
 
 	return buf;
 }
+#else /* USE_HOSTCC */
+
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz)
+{
+	memmove(to, from, len);
+}
+
+static int bootm_host_load_image(const void *fit, int req_image_type)
+{
+	const char *fit_uname_config = NULL;
+	ulong data, len;
+	bootm_headers_t images;
+	int noffset;
+	ulong load_end;
+	uint8_t image_type;
+	uint8_t imape_comp;
+	void *load_buf;
+	int ret;
+
+	memset(&images, '\0', sizeof(images));
+	images.verify = 1;
+	noffset = fit_image_load(&images, (ulong)fit,
+		NULL, &fit_uname_config,
+		IH_ARCH_DEFAULT, req_image_type, -1,
+		FIT_LOAD_IGNORED, &data, &len);
+	if (noffset < 0)
+		return noffset;
+	if (fit_image_get_type(fit, noffset, &image_type)) {
+		puts("Can't get image type!\n");
+		return -EINVAL;
+	}
+
+	if (fit_image_get_comp(fit, noffset, &imape_comp)) {
+		puts("Can't get image compression!\n");
+		return -EINVAL;
+	}
+
+	/* Allow the image to expand by a factor of 4, should be safe */
+	load_buf = malloc((1 << 20) + len * 4);
+	ret = decomp_image(imape_comp, 0, data, image_type, load_buf,
+			   (void *)data, len, &load_end);
+	free(load_buf);
+	if (ret && ret != BOOTM_ERR_UNIMPLEMENTED)
+		return ret;
+
+	return 0;
+}
+
+int bootm_host_load_images(const void *fit, int cfg_noffset)
+{
+	static uint8_t image_types[] = {
+		IH_TYPE_KERNEL,
+		IH_TYPE_FLATDT,
+		IH_TYPE_RAMDISK,
+	};
+	int err = 0;
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(image_types); i++) {
+		int ret;
+
+		ret = bootm_host_load_image(fit, image_types[i]);
+		if (!err && ret && ret != -ENOENT)
+			err = ret;
+	}
+
+	/* Return the first error we found */
+	return err;
+}
 
 #endif /* ndef USE_HOSTCC */
diff --git a/common/image-fit.c b/common/image-fit.c
index 83fac9a..3311343 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1591,12 +1591,13 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
 	}
 
 	bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
+#ifndef USE_HOSTCC
 	if (!fit_image_check_target_arch(fit, noffset)) {
 		puts("Unsupported Architecture\n");
 		bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
 		return -ENOEXEC;
 	}
-
+#endif
 	if (image_type == IH_TYPE_FLATDT &&
 	    !fit_image_check_comp(fit, noffset, IH_COMP_NONE)) {
 		puts("FDT image is compressed");
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 672dc35..a6ab543 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -361,6 +361,7 @@ Test Verified Boot Run: unsigned config: OK
 Sign images
 Test Verified Boot Run: signed config: OK
 check signed config on the host
+Signature check OK
 OK
 Test Verified Boot Run: signed config: OK
 Test Verified Boot Run: signed config with bad hash: OK
@@ -374,12 +375,14 @@ Test Verified Boot Run: unsigned config: OK
 Sign images
 Test Verified Boot Run: signed config: OK
 check signed config on the host
+Signature check OK
 OK
 Test Verified Boot Run: signed config: OK
 Test Verified Boot Run: signed config with bad hash: OK
 
 Test passed
 
+
 Future Work
 -----------
 - Roll-back protection using a TPM is done using the tpm command. This can
diff --git a/include/bootm.h b/include/bootm.h
index 0a3ec56..4a308d8 100644
--- a/include/bootm.h
+++ b/include/bootm.h
@@ -41,6 +41,8 @@ void lynxkdi_boot(image_header_t *hdr);
 
 boot_os_fn *bootm_os_get_boot_func(int os);
 
+int bootm_host_load_images(const void *fit, int cfg_noffset);
+
 int boot_selected_os(int argc, char * const argv[], int state,
 		     bootm_headers_t *images, boot_os_fn *boot_fn);
 
diff --git a/include/image.h b/include/image.h
index ae767f0..ab93eb6 100644
--- a/include/image.h
+++ b/include/image.h
@@ -425,6 +425,7 @@ ulong genimg_get_image(ulong img_addr);
 
 int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
 		uint8_t arch, ulong *rd_start, ulong *rd_end);
+#endif
 
 /**
  * fit_image_load() - load an image from a FIT
@@ -454,12 +455,14 @@ int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
  * @param load_op	Decribes what to do with the load address
  * @param datap		Returns address of loaded image
  * @param lenp		Returns length of loaded image
+ * @return node offset of image, or -ve error code on error
  */
 int fit_image_load(bootm_headers_t *images, ulong addr,
 		   const char **fit_unamep, const char **fit_uname_configp,
 		   int arch, int image_type, int bootstage_id,
 		   enum fit_load_op load_op, ulong *datap, ulong *lenp);
 
+#ifndef USE_HOSTCC
 /**
  * fit_get_node_from_config() - Look up an image a FIT by type
  *
@@ -604,8 +607,8 @@ int image_check_dcrc(const image_header_t *hdr);
 ulong getenv_bootm_low(void);
 phys_size_t getenv_bootm_size(void);
 phys_size_t getenv_bootm_mapsize(void);
-void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
 #endif
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
 
 static inline int image_check_magic(const image_header_t *hdr)
 {
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 768be2f..69e99c0 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -80,10 +80,13 @@ int main(int argc, char **argv)
 
 	image_set_host_blob(key_blob);
 	ret = fit_check_sign(fit_blob, key_blob);
-	if (!ret)
+	if (!ret) {
 		ret = EXIT_SUCCESS;
-	else
+		fprintf(stderr, "Signature check OK\n");
+	} else {
 		ret = EXIT_FAILURE;
+		fprintf(stderr, "Signature check Bad (error %d)\n", ret);
+	}
 
 	(void) munmap((void *)fit_blob, fsbuf.st_size);
 	(void) munmap((void *)key_blob, ksbuf.st_size);
diff --git a/tools/image-host.c b/tools/image-host.c
index faeef66..0eff720 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -10,6 +10,7 @@
  */
 
 #include "mkimage.h"
+#include <bootm.h>
 #include <image.h>
 #include <version.h>
 
@@ -707,16 +708,21 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
 }
 
 #ifdef CONFIG_FIT_SIGNATURE
-int fit_check_sign(const void *working_fdt, const void *key)
+int fit_check_sign(const void *fit, const void *key)
 {
 	int cfg_noffset;
 	int ret;
 
-	cfg_noffset = fit_conf_get_node(working_fdt, NULL);
+	cfg_noffset = fit_conf_get_node(fit, NULL);
 	if (!cfg_noffset)
 		return -1;
 
-	ret = fit_config_verify(working_fdt, cfg_noffset);
+	printf("Verifying Hash Integrity ... ");
+	ret = fit_config_verify(fit, cfg_noffset);
+	if (ret)
+		return ret;
+	ret = bootm_host_load_images(fit, cfg_noffset);
+
 	return ret;
 }
 #endif
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH v2 14/14] Add documentation for verified boot on Beaglebone Black

[Simon Glass]

As an example of an end-to-end process for using verified boot in U-Boot,
add a detailed description of the steps to be used for a Beaglebone
Black.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2: None

 doc/uImage.FIT/beaglebone_vboot.txt | 608 ++++++++++++++++++++++++++++++++++++
 1 file changed, 608 insertions(+)
 create mode 100644 doc/uImage.FIT/beaglebone_vboot.txt

diff --git a/doc/uImage.FIT/beaglebone_vboot.txt b/doc/uImage.FIT/beaglebone_vboot.txt
new file mode 100644
index 0000000..b4ab285
--- /dev/null
+++ b/doc/uImage.FIT/beaglebone_vboot.txt
@@ -0,0 +1,608 @@
+Verified Boot on the Beaglebone Black
+=====================================
+
+Introduction
+------------
+
+Before reading this, please read verified-boot.txt and signature.txt. These
+instructions are for mainline U-Boot from v2014.07 onwards.
+
+There is quite a bit of documentation in this directory describing how
+verified boot works in U-Boot. There is also a test which runs through the
+entire process of signing an image and running U-Boot (sandbox) to check it.
+However, it might be useful to also have an example on a real board.
+
+Beaglebone Black is a fairly common board so seems to be a reasonable choice
+for an example of how to enable verified boot using U-Boot.
+
+First a note that may to help avoid confusion. U-Boot and Linux both use
+device tree. They may use the same device tree source, but it is seldom useful
+for them to use the exact same binary from the same place. More typically,
+U-Boot has its device tree packaged wtih it, and the kernel's device tree is
+packaged with the kernel. In particular this is important with verified boot,
+since U-Boot's device tree must be immutable. If it can be changed then the
+public keys can be changed and verified boot is useless. An attacker can
+simply generate a new key and put his public key into U-Boot so that
+everything verifies. On the other hand the kernel's device tree typically
+changes when the kernel changes, so it is useful to package an updated device
+tree with the kernel binary. U-Boot supports the latter with its flexible FIT
+format (Flat Image Tree).
+
+
+Overview
+--------
+
+The steps are roughly as follows:
+
+1. Build U-Boot for the board, with the verified boot options enabled.
+
+2. Obtain a suitable Linux kernel
+
+3. Create a Image Tree Source file (ITS) file describing how you want the
+kernel to be packaged, compressed and signed.
+
+4. Create a key pair
+
+5. Sign the kernel
+
+6. Put the public key into U-Boot's image
+
+7. Put U-Boot and the kernel onto the board
+
+8. Try it
+
+
+Step 1: Build U-Boot
+--------------------
+
+a. Set up the environment variable to point to your toolchain. You will need
+this for U-Boot and also for the kernel if you build it. For example if you
+installed a Linaro version manually it might be something like:
+
+   export CROSS_COMPILE=/opt/linaro/gcc-linaro-arm-linux-gnueabihf-4.8-2013.08_linux/bin/arm-linux-gnueabihf-
+
+or if you just installed gcc-arm-linux-gnueabi then it might be
+
+   export CROSS_COMPILE=arm-linux-gnueabi-
+
+b. Configure and build U-Boot with verified boot enabled:
+
+   export ARCH=arm
+   export UBOOT=/path/to/u-boot
+   cd $UBOOT
+   # You can add -j10 if you have 10 CPUs to make it faster
+   make O=b/am335x_boneblack_vboot am335x_boneblack_vboot_config all
+   export UOUT=$UBOOT/b/am335x_boneblack_vboot
+
+c. You will now have a U-Boot image:
+
+   file b/am335x_boneblack_vboot/u-boot-dtb.img
+b/am335x_boneblack_vboot/u-boot-dtb.img: u-boot legacy uImage, U-Boot 2014.07-rc2-00065-g2f69f8, Firmware/ARM, Firmware Image (Not compressed), 395375 bytes, Sat May 31 16:19:04 2014, Load Address: 0x80800000, Entry Point: 0x00000000, Header CRC: 0x0ABD6ACA, Data CRC: 0x36DEF7E4
+
+
+Step 2: Build Linux
+--------------------
+
+a. Find the kernel image ('Image') and device tree (.dtb) file you plan to
+use. In our case it is am335x-boneblack.dtb and it is built with the kernel.
+At the time of writing an SD Boot image can be obtained from here:
+
+   http://www.elinux.org/Beagleboard:Updating_The_Software#Image_For_Booting_From_microSD
+
+You can write this to an SD card and then mount it to extract the kernel and
+device tree files.
+
+You can also build a kernel. Instructions for this are are here:
+
+   http://elinux.org/Building_BBB_Kernel
+
+or you can use your favourite search engine. Following these instructions
+produces a kernel Image and device tree files. For the record the steps were:
+
+   export KERNEL=/path/to/kernel
+   cd $KERNEL
+   git clone git://github.com/beagleboard/kernel.git .
+   git checkout v3.14
+   ./patch.sh
+   cp configs/beaglebone kernel/arch/arm/configs/beaglebone_defconfig
+   cd kernel
+   make beaglebone_defconfig
+   make uImage dtbs   # -j10 if you have 10 CPUs
+   export OKERNEL=$KERNEL/kernel/arch/arm/boot
+
+c. You now have the 'Image' and 'am335x-boneblack.dtb' files needed to boot.
+
+
+Step 3: Create the ITS
+----------------------
+
+Set up a directory for your work.
+
+   export WORK=/path/to/dir
+   cd $WORK
+
+Put this into a file in that directory called sign.its:
+
+/dts-v1/;
+
+/ {
+	description = "Beaglebone black";
+	#address-cells = <1>;
+
+	images {
+		kernel at 1 {
+			data = /incbin/("Image.lzo");
+			type = "kernel";
+			arch = "arm";
+			os = "linux";
+			compression = "lzo";
+			load = <0x80008000>;
+			entry = <0x80008000>;
+			hash at 1 {
+				algo = "sha1";
+			};
+		};
+		fdt at 1 {
+			description = "beaglebone-black";
+			data = /incbin/("am335x-boneblack.dtb");
+			type = "flat_dt";
+			arch = "arm";
+			compression = "none";
+			hash at 1 {
+				algo = "sha1";
+			};
+		};
+	};
+	configurations {
+		default = "conf at 1";
+		conf at 1 {
+			kernel = "kernel at 1";
+			fdt = "fdt at 1";
+			signature at 1 {
+				algo = "sha1,rsa2048";
+				key-name-hint = "dev";
+				sign-images = "fdt", "kernel";
+			};
+		};
+	};
+};
+
+
+The explanation for this is all in the documentation you have already read.
+But briefly it packages a kernel and device tree, and provides a single
+configuration to be signed with a key named 'dev'. The kernel is compressed
+with LZO to make it smaller.
+
+
+Step 4: Create a key pair
+-------------------------
+
+See signature.txt for details on this step.
+
+   cd $WORK
+   mkdir keys
+   openssl genrsa -F4 -out keys/dev.key 2048
+   openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
+
+Note: keys/dev.key contains your private key and is very secret. If anyone
+gets access to that file they can sign kernels with it. Keep it secure.
+
+
+Step 5: Sign the kernel
+-----------------------
+
+We need to use mkimage (which was built when you built U-Boot) to package the
+Linux kernel into a FIT (Flat Image Tree, a flexible file format that U-Boot
+can load) using the ITS file you just created.
+
+At the same time we must put the public key into U-Boot device tree, with the
+'required' property, which tells U-Boot that this key must be verified for the
+image to be valid. You will make this key available to U-Boot for booting in
+step 6.
+
+   ln -s $OKERNEL/dts/am335x-boneblack.dtb
+   ln -s $OKERNEL/Image
+   ln -s $UOUT/u-boot-dtb.img
+   cp $UOUT/arch/arm/dts/am335x-boneblack.dtb am335x-boneblack-pubkey.dtb
+   lzop Image
+   $UOUT/tools/mkimage -f sign.its -K am335x-boneblack-pubkey.dtb -k keys -r image.fit
+
+You should see something like this:
+
+FIT description: Beaglebone black
+Created:         Sun Jun  1 12:50:30 2014
+ Image 0 (kernel at 1)
+  Description:  unavailable
+  Created:      Sun Jun  1 12:50:30 2014
+  Type:         Kernel Image
+  Compression:  lzo compressed
+  Data Size:    7790938 Bytes = 7608.34 kB = 7.43 MB
+  Architecture: ARM
+  OS:           Linux
+  Load Address: 0x80008000
+  Entry Point:  0x80008000
+  Hash algo:    sha1
+  Hash value:   c94364646427e10f423837e559898ef02c97b988
+ Image 1 (fdt at 1)
+  Description:  beaglebone-black
+  Created:      Sun Jun  1 12:50:30 2014
+  Type:         Flat Device Tree
+  Compression:  uncompressed
+  Data Size:    31547 Bytes = 30.81 kB = 0.03 MB
+  Architecture: ARM
+  Hash algo:    sha1
+  Hash value:   cb09202f889d824f23b8e4404b781be5ad38a68d
+ Default Configuration: 'conf at 1'
+ Configuration 0 (conf at 1)
+  Description:  unavailable
+  Kernel:       kernel at 1
+  FDT:          fdt at 1
+
+
+Now am335x-boneblack-pubkey.dtb contains the public key and image.fit contains
+the signed kernel. Jump to step 6 if you like, or continue reading to increase
+your understanding.
+
+You can also run fit_check_sign to check it:
+
+   $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
+
+which results in:
+
+Verifying Hash Integrity ... sha1,rsa2048:dev+
+## Loading kernel from FIT Image at 7fc6ee469000 ...
+   Using 'conf at 1' configuration
+   Verifying Hash Integrity ...
+sha1,rsa2048:dev+
+OK
+
+   Trying 'kernel at 1' kernel subimage
+     Description:  unavailable
+     Created:      Sun Jun  1 12:50:30 2014
+     Type:         Kernel Image
+     Compression:  lzo compressed
+     Data Size:    7790938 Bytes = 7608.34 kB = 7.43 MB
+     Architecture: ARM
+     OS:           Linux
+     Load Address: 0x80008000
+     Entry Point:  0x80008000
+     Hash algo:    sha1
+     Hash value:   c94364646427e10f423837e559898ef02c97b988
+   Verifying Hash Integrity ...
+sha1+
+OK
+
+Unimplemented compression type 4
+## Loading fdt from FIT Image at 7fc6ee469000 ...
+   Using 'conf at 1' configuration
+   Trying 'fdt at 1' fdt subimage
+     Description:  beaglebone-black
+     Created:      Sun Jun  1 12:50:30 2014
+     Type:         Flat Device Tree
+     Compression:  uncompressed
+     Data Size:    31547 Bytes = 30.81 kB = 0.03 MB
+     Architecture: ARM
+     Hash algo:    sha1
+     Hash value:   cb09202f889d824f23b8e4404b781be5ad38a68d
+   Verifying Hash Integrity ...
+sha1+
+OK
+
+   Loading Flat Device Tree ... OK
+
+## Loading ramdisk from FIT Image at 7fc6ee469000 ...
+   Using 'conf at 1' configuration
+Could not find subimage node
+
+Signature check OK
+
+
+At the top, you see "sha1,rsa2048:dev+". This means that it checked an RSA key
+of size 2048 bits using SHA1 as the hash algorithm. The key name checked was
+'dev' and the '+' means that it verified. If it showed '-' that would be bad.
+
+Once the configuration is verified it is then possible to rely on the hashes
+in each image referenced by that configuration. So fit_check_sign goes on to
+load each of the images. We have a kernel and an FDT but no ramkdisk. In each
+case fit_check_sign checks the hash and prints sha1+ meaning that the SHA1
+hash verified. This means that none of the images has been tampered with.
+
+There is a test in test/vboot which uses U-Boot's sandbox build to verify that
+the above flow works.
+
+But it is fun to do this by hand, so you can load image.fit into a hex editor
+like ghex, and change a byte in the kernel:
+
+   $UOUT/tools/fit_info -f image.fit -n /images/kernel at 1 -p data
+NAME: kernel at 1
+LEN: 7790938
+OFF: 168
+
+This tells us that the kernel starts at byte offset 168 (decimal) in image.fit
+and extends for about 7MB. Try changing a byte at 0x2000 (say) and run
+fit_check_sign again. You should see something like:
+
+Verifying Hash Integrity ... sha1,rsa2048:dev+
+## Loading kernel from FIT Image at 7f5a39571000 ...
+   Using 'conf at 1' configuration
+   Verifying Hash Integrity ...
+sha1,rsa2048:dev+
+OK
+
+   Trying 'kernel at 1' kernel subimage
+     Description:  unavailable
+     Created:      Sun Jun  1 13:09:21 2014
+     Type:         Kernel Image
+     Compression:  lzo compressed
+     Data Size:    7790938 Bytes = 7608.34 kB = 7.43 MB
+     Architecture: ARM
+     OS:           Linux
+     Load Address: 0x80008000
+     Entry Point:  0x80008000
+     Hash algo:    sha1
+     Hash value:   c94364646427e10f423837e559898ef02c97b988
+   Verifying Hash Integrity ...
+sha1 error
+Bad hash value for 'hash at 1' hash node in 'kernel at 1' image node
+Bad Data Hash
+
+## Loading fdt from FIT Image at 7f5a39571000 ...
+   Using 'conf at 1' configuration
+   Trying 'fdt at 1' fdt subimage
+     Description:  beaglebone-black
+     Created:      Sun Jun  1 13:09:21 2014
+     Type:         Flat Device Tree
+     Compression:  uncompressed
+     Data Size:    31547 Bytes = 30.81 kB = 0.03 MB
+     Architecture: ARM
+     Hash algo:    sha1
+     Hash value:   cb09202f889d824f23b8e4404b781be5ad38a68d
+   Verifying Hash Integrity ...
+sha1+
+OK
+
+   Loading Flat Device Tree ... OK
+
+## Loading ramdisk from FIT Image at 7f5a39571000 ...
+   Using 'conf at 1' configuration
+Could not find subimage node
+
+Signature check Bad (error 1)
+
+
+It has detected the change in the kernel.
+
+You can also be sneaky and try to switch images, using the libfdt utilities
+that come with dtc (package name is device-tree-compiler but you will need a
+recent version like 1.4:
+
+   dtc -v
+Version: DTC 1.4.0
+
+First we can check which nodes are actually hashed by the configuration:
+
+   fdtget -l image.fit /
+images
+configurations
+
+   fdtget -l image.fit /configurations
+conf at 1
+fdtget -l image.fit /configurations/conf at 1
+signature at 1
+
+   fdtget -p image.fit /configurations/conf at 1/signature at 1
+hashed-strings
+hashed-nodes
+timestamp
+signer-version
+signer-name
+value
+algo
+key-name-hint
+sign-images
+
+   fdtget image.fit /configurations/conf at 1/signature at 1 hashed-nodes
+/ /configurations/conf at 1 /images/fdt at 1 /images/fdt at 1/hash at 1 /images/kernel at 1 /images/kernel at 1/hash at 1
+
+This gives us a bit of a look into the signature that mkimage added. Note you
+can also use fdtdump to list the entire device tree.
+
+Say we want to change the kernel that this configuration uses
+(/images/kernel at 1). We could just put a new kernel in the image, but we will
+need to change the hash to match. Let's simulate that by changing a byte of
+the hash:
+
+    fdtget -tx image.fit /images/kernel at 1/hash at 1 value
+c9436464 6427e10f 423837e5 59898ef0 2c97b988
+    fdtput -tx image.fit /images/kernel at 1/hash at 1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981
+
+Now check it again:
+
+   $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
+Verifying Hash Integrity ... sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
+rsa_verify_with_keynode: RSA failed to verify: -13
+-
+Failed to verify required signature 'key-dev'
+Signature check Bad (error 1)
+
+This time we don't even get as far as checking the images, since the
+configuration signature doesn't match. We can't change any hashes without the
+signature check noticing. The configuration is essentially locked. U-Boot has
+a public key for which it requires a match, and will not permit the use of any
+configuration that does not match that public key. The only way the
+configuration will match is if it was signed by the matching private key.
+
+It would also be possible to add a new signature node that does match your new
+configuration. But that won't work since you are not allowed to change the
+configuration in any way. Try it with a fresh (valid) image if you like by
+running the mkimage link again. Then:
+
+   fdtput -p image.fit /configurations/conf at 1/signature at 2 value fred
+   $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb
+Verifying Hash Integrity ... -
+sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13
+rsa_verify_with_keynode: RSA failed to verify: -13
+-
+Failed to verify required signature 'key-dev'
+Signature check Bad (error 1)
+
+
+Of course it would be possible to add an entirely new configuration and boot
+with that, but it still needs to be signed, so it won't help.
+
+
+6. Put the public key into U-Boot's image
+-----------------------------------------
+
+Having confirmed that the signature is doing its job, let's try it out in
+U-Boot on the board. U-Boot needs access to the public key corresponding to
+the private key that you signed with so that it can verify any kernels that
+you sign.
+
+   cd $UBOOT
+   make O=b/am335x_boneblack_vboot EXT_DTB=${WORK}/am335x-boneblack-pubkey.dtb
+
+Here we are overrriding the normal device tree file with our one, which
+contains the public key.
+
+Now you have a special U-Boot image with the public key. It can verify can
+kernel that you sign with the private key as in step 5.
+
+If you like you can take a look at the public key information that mkimage
+added to U-Boot's device tree:
+
+   fdtget -p am335x-boneblack-pubkey.dtb /signature/key-dev
+required
+algo
+rsa,r-squared
+rsa,modulus
+rsa,n0-inverse
+rsa,num-bits
+key-name-hint
+
+This has information about the key and some pre-processed values which U-Boot
+can use to verify against it. These values are obtained from the public key
+certificate by mkimage, but require quite a bit of code to generate. To save
+code space in U-Boot, the information is extracted and written in raw form for
+U-Boot to easily use. The same mechanism is used in Google's Chrome OS.
+
+Notice the 'required' property. This marks the key as required - U-Boot will
+not boot any image that does not verify against this key.
+
+
+7. Put U-Boot and the kernel onto the board
+-------------------------------------------
+
+The method here varies depending on how you are booting. For this example we
+are booting from an micro-SD card with two partitions, one for U-Boot and one
+for Linux. Put it into your machine and write U-Boot and the kernel to it.
+Here the card is /dev/sde:
+
+   cd $WORK
+   export UDEV=/dev/sde1   # Change thes two lines to the correct device
+   export KDEV=/dev/sde2
+   sudo mount $UDEV /mnt/tmp && sudo cp $UOUT/u-boot-dtb.img /mnt/tmp/u-boot.img  && sleep 1 && sudo umount $UDEV
+   sudo mount $KDEV /mnt/tmp && sudo cp $WORK/image.fit /mnt/tmp/boot/image.fit && sleep 1 && sudo umount $KDEV
+
+
+8. Try it
+---------
+
+Boot the board using the commands below:
+
+   setenv bootargs console=ttyO0,115200n8 quiet root=/dev/mmcblk0p2 ro rootfstype=ext4 rootwait
+   ext2load mmc 0:2 82000000 /boot/image.fit
+   bootm 82000000
+
+You should then see something like this:
+
+U-Boot# setenv bootargs console=ttyO0,115200n8 quiet root=/dev/mmcblk0p2 ro rootfstype=ext4 rootwait
+U-Boot# ext2load mmc 0:2 82000000 /boot/image.fit
+7824930 bytes read in 589 ms (12.7 MiB/s)
+U-Boot# bootm 82000000
+## Loading kernel from FIT Image at 82000000 ...
+   Using 'conf at 1' configuration
+   Verifying Hash Integrity ... sha1,rsa2048:dev+ OK
+   Trying 'kernel at 1' kernel subimage
+     Description:  unavailable
+     Created:      2014-06-01  19:32:54 UTC
+     Type:         Kernel Image
+     Compression:  lzo compressed
+     Data Start:   0x820000a8
+     Data Size:    7790938 Bytes = 7.4 MiB
+     Architecture: ARM
+     OS:           Linux
+     Load Address: 0x80008000
+     Entry Point:  0x80008000
+     Hash algo:    sha1
+     Hash value:   c94364646427e10f423837e559898ef02c97b988
+   Verifying Hash Integrity ... sha1+ OK
+## Loading fdt from FIT Image at 82000000 ...
+   Using 'conf at 1' configuration
+   Trying 'fdt at 1' fdt subimage
+     Description:  beaglebone-black
+     Created:      2014-06-01  19:32:54 UTC
+     Type:         Flat Device Tree
+     Compression:  uncompressed
+     Data Start:   0x8276e2ec
+     Data Size:    31547 Bytes = 30.8 KiB
+     Architecture: ARM
+     Hash algo:    sha1
+     Hash value:   cb09202f889d824f23b8e4404b781be5ad38a68d
+   Verifying Hash Integrity ... sha1+ OK
+   Booting using the fdt blob at 0x8276e2ec
+   Uncompressing Kernel Image ... OK
+   Loading Device Tree to 8fff5000, end 8ffffb3a ... OK
+
+Starting kernel ...
+
+[    0.582377] omap_init_mbox: hwmod doesn't have valid attrs
+[    2.589651] musb-hdrc musb-hdrc.0.auto: Failed to request rx1.
+[    2.595830] musb-hdrc musb-hdrc.0.auto: musb_init_controller failed with status -517
+[    2.606470] musb-hdrc musb-hdrc.1.auto: Failed to request rx1.
+[    2.612723] musb-hdrc musb-hdrc.1.auto: musb_init_controller failed with status -517
+[    2.940808] drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
+[    7.248889] libphy: PHY 4a101000.mdio:01 not found
+[    7.253995] net eth0: phy 4a101000.mdio:01 not found on slave 1
+systemd-fsck[83]: Angstrom: clean, 50607/218160 files, 306348/872448 blocks
+
+.---O---.
+|       |                  .-.           o o
+|   |   |-----.-----.-----.| |   .----..-----.-----.
+|       |     | __  |  ---'| '--.|  .-'|     |     |
+|   |   |  |  |     |---  ||  --'|  |  |  '  | | | |
+'---'---'--'--'--.  |-----''----''--'  '-----'-'-'-'
+                -'  |
+                '---'
+
+The Angstrom Distribution beaglebone ttyO0
+
+Angstrom v2012.12 - Kernel 3.14.1+
+
+beaglebone login:
+
+At this point your kernel has been verified and you can be sure that it is one
+that you signed. As an exercise, try changing image.fit as in step 5 and see
+what happens.
+
+
+Further Improvements
+--------------------
+
+Several of the steps here can be easily automated. In particular it would be
+capital if signing and packaging a kernel were easy, perhaps a simple make
+target in the kernel.
+
+Some mention of how to use multiple .dtb files in a FIT might be useful.
+
+U-Boot's verified boot mechanism has not had a robust and independent security
+review. Such a review should look at the implementation and its resistance to
+attacks.
+
+Perhaps the verified boot feature could could be integrated into the Amstrom
+distribution.
+
+
+Simon Glass
+sjg at chromium.org
+2-June-14
-- 
2.0.0.526.g5318336

[U-Boot] [PATCH] am335x_evm: Only enable OF_CONTROL/OF_SEPARATE on VBOOT for now

[Tom Rini]

We don't make use of the device tree otherwise yet (and will need to
think how to not break the current multi-board support) and this causes
further breakage with additional changes.

Signed-off-by: Tom Rini <trini@ti.com>
---
 include/configs/am335x_evm.h |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/configs/am335x_evm.h b/include/configs/am335x_evm.h
index 5ae8c46..a48b386 100644
--- a/include/configs/am335x_evm.h
+++ b/include/configs/am335x_evm.h
@@ -22,10 +22,10 @@
 # define CONFIG_FIT
 # define CONFIG_TIMESTAMP
 # define CONFIG_LZO
-# define CONFIG_OF_CONTROL
-# define CONFIG_OF_SEPARATE
-# define CONFIG_DEFAULT_DEVICE_TREE am335x-boneblack
 # ifdef CONFIG_ENABLE_VBOOT
+#  define CONFIG_OF_CONTROL
+#  define CONFIG_OF_SEPARATE
+#  define CONFIG_DEFAULT_DEVICE_TREE am335x-boneblack
 #  define CONFIG_FIT_SIGNATURE
 #  define CONFIG_RSA
 # endif
-- 
1.7.9.5

[U-Boot] [U-Boot, v2, 01/14] hash: Use uint8_t in preference to u8

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:41AM -0600, Simon Glass wrote:

> This type is more readily available on the host compiler, so use it instead.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/b1d163a3/attachment.pgp>

[U-Boot] [U-Boot, v2, 02/14] mkimage: Automatically expand FDT in more cases

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:42AM -0600, Simon Glass wrote:

> The original code did not cover every case and there was a missing negative
> sign in one case. Expand the coverage and fix the bug.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> mkimage: Automatically make space in FDT when full
> 
> When adding hashes or signatures, the target FDT may be full. Detect this
> and automatically try again after making 1KB of space.

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/9af7dcf9/attachment.pgp>

[U-Boot] [U-Boot, v2, 03/14] fdt: Rename the DEV_TREE_BIN Makefile flag to to EXT_DTB

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:43AM -0600, Simon Glass wrote:

> This seems like a better name. This is a patch-up to the earlier commit
> 63b4b5b, and also removes a redundant Makefile change.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/6132a8a6/attachment.pgp>

[U-Boot] [U-Boot, v2, 04/14] tools: Check arguments in fit_check_sign/fit_info

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:44AM -0600, Simon Glass wrote:

> These tools crash if no arguments are provided. Add checks to avoid this.
> 
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Acked-by: Heiko Schocher <hs@denx.de>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/8a273e1a/attachment.pgp>

[U-Boot] [U-Boot, v2, 05/14] Reverse the meaning of the fit_config_verify() return code

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:45AM -0600, Simon Glass wrote:

> It is more common to have 0 mean OK, and -ve mean error. Change this
> function to work the same way to avoid confusion.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/d94c3e02/attachment.pgp>

[U-Boot] [U-Boot, v2, 07/14] image: Remove the fit_load_image() property parameter

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:47AM -0600, Simon Glass wrote:

> This can be obtained by looking up the image type, so is redundant. It is
> better to centralise this lookup to avoid errors.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/38c9e3c2/attachment.pgp>

[U-Boot] [U-Boot, v2, 08/14] bootm: Support android boot on sandbox

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:48AM -0600, Simon Glass wrote:

> A small change allows this to operate on sandbox.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/c92d98ad/attachment.pgp>

[U-Boot] [U-Boot, v2, 09/14] Fix small 'case' typo in image-fit.c

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:49AM -0600, Simon Glass wrote:

> This typo makes the comment confusing. Fix it.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/356146f3/attachment.pgp>

[U-Boot] [U-Boot, v2, 10/14] Avoid including config.h in command.h

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:50AM -0600, Simon Glass wrote:

> This is not necessary and prevents using this header when building tools.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/c71af9b2/attachment.pgp>

[U-Boot] [U-Boot, v2, 11/14] Allow compiling common/bootm.c on with HOSTCC

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:51AM -0600, Simon Glass wrote:

> We want to use some of the functionality in this file, so make it
> build on the host.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/fe19a332/attachment.pgp>

[U-Boot] [U-Boot, v2, 12/14] bootm: Move decompression code into its own function

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:52AM -0600, Simon Glass wrote:

> This makes it possible to decompress an image without it being a kernel
> and without intending to boot it (as it needed for host tools, for example).
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/b85f5d34/attachment.pgp>

[U-Boot] [U-Boot, v2, 14/14] Add documentation for verified boot on Beaglebone Black

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:54AM -0600, Simon Glass wrote:

> As an example of an end-to-end process for using verified boot in U-Boot,
> add a detailed description of the steps to be used for a Beaglebone
> Black.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/621209c6/attachment.pgp>

[U-Boot] [U-Boot, v2, 13/14] Enhance fit_check_sign to check all images

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:53AM -0600, Simon Glass wrote:

> At present this tool only checks the configuration signing. Have it also
> look at each of the images in the configuration and confirm that they
> verify.
> 
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Acked-by: Heiko Schocher <hs@denx.de> (v1)

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/a9fc962b/attachment.pgp>

[U-Boot] [U-Boot, v2, 06/14] bootm: Split out code from cmd_bootm.c

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:46AM -0600, Simon Glass wrote:

> This file has code in three different categories:
> - Command processing
> - OS-specific boot code
> - Locating images and setting up to boot
> 
> Only the first category really belongs in a file called cmd_bootm.c.
> 
> Leave the command processing code where it is. Split out the OS-specific
> boot code into bootm_os.c. Split out the other code into bootm.c
> 
> Header files and extern declarations are tidied but otherwise no code
> changes are made, to make it easier to review.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

This, on am335x GP EVM doing UART booting (you can replicate the same on
beaglebone black with no SD card / nothing bootable on eMMC and holing
down the "user" button for the first boot, SYSBOOT pins will be set
until next hard power cycle) causes:
Sending /tmp/u-boot-spl.bin, 646 blocks: Give your local XMODEM receive
command now.
Bytes Sent:  82816   BPS:10461

Transfer complete
Sending: u-boot.img
Ymodem sectors/kbytes sent: 3433/429kyzModem - CRC mode,
4(SOH)/438(STX)/0(CAN) packets, 2 retries
Loaded 448676 bytes
No valid FDT found - please append one to U-Boot binary, use
u-boot-dtb.bin or define CONFIG_OF_EMBED. For sandbox, use -d <file.dtb>
initcall sequence 8085d568 failed at call 8083e678
### ERROR ### Please RESET the board ###

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/131fc0d6/attachment.pgp>

[U-Boot] [PATCH] am335x_evm: Only enable OF_CONTROL/OF_SEPARATE on VBOOT for now

[Tom Rini]

On Thu, Jun 19, 2014 at 08:48:08AM -0400, Tom Rini wrote:

> We don't make use of the device tree otherwise yet (and will need to
> think how to not break the current multi-board support) and this causes
> further breakage with additional changes.
> 
> Signed-off-by: Tom Rini <trini@ti.com>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/3be92451/attachment.pgp>

[U-Boot] [PATCH v2 06/14] bootm: Split out code from cmd_bootm.c

[Tom Rini]

On Thu, Jun 12, 2014 at 07:24:46AM -0600, Simon Glass wrote:

> This file has code in three different categories:
> - Command processing
> - OS-specific boot code
> - Locating images and setting up to boot
> 
> Only the first category really belongs in a file called cmd_bootm.c.
> 
> Leave the command processing code where it is. Split out the OS-specific
> boot code into bootm_os.c. Split out the other code into bootm.c
> 
> Header files and extern declarations are tidied but otherwise no code
> changes are made, to make it easier to review.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks! ... is what I meant to say, oops :)

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/f9ca3196/attachment.pgp>

[U-Boot] [U-Boot, v2, 06/14] bootm: Split out code from cmd_bootm.c

[Tom Rini]

On Thu, Jun 19, 2014 at 11:23:24AM -0400, Tom Rini wrote:
> On Thu, Jun 12, 2014 at 07:24:46AM -0600, Simon Glass wrote:
> 
> > This file has code in three different categories:
> > - Command processing
> > - OS-specific boot code
> > - Locating images and setting up to boot
> > 
> > Only the first category really belongs in a file called cmd_bootm.c.
> > 
> > Leave the command processing code where it is. Split out the OS-specific
> > boot code into bootm_os.c. Split out the other code into bootm.c
> > 
> > Header files and extern declarations are tidied but otherwise no code
> > changes are made, to make it easier to review.
> > 
> > Signed-off-by: Simon Glass <sjg@chromium.org>
> 
> This, on am335x GP EVM doing UART booting (you can replicate the same on
> beaglebone black with no SD card / nothing bootable on eMMC and holing
> down the "user" button for the first boot, SYSBOOT pins will be set
> until next hard power cycle) causes:
> Sending /tmp/u-boot-spl.bin, 646 blocks: Give your local XMODEM receive
> command now.
> Bytes Sent:  82816   BPS:10461
> 
> Transfer complete
> Sending: u-boot.img
> Ymodem sectors/kbytes sent: 3433/429kyzModem - CRC mode,
> 4(SOH)/438(STX)/0(CAN) packets, 2 retries
> Loaded 448676 bytes
> No valid FDT found - please append one to U-Boot binary, use
> u-boot-dtb.bin or define CONFIG_OF_EMBED. For sandbox, use -d <file.dtb>
> initcall sequence 8085d568 failed at call 8083e678
> ### ERROR ### Please RESET the board ###

... because I didn't use u-boot-dtb.img which is a functional change,
which is why I then sent out and applied this morning a patch to move
most of this support on am335x_evm to be under ENABLE_VBOOT.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140619/9d04a835/attachment.pgp>

[U-Boot] [U-Boot, v2, 06/14] bootm: Split out code from cmd_bootm.c

[Simon Glass]

Hi Tom,

On 19 June 2014 09:31, Tom Rini <trini@ti.com> wrote:
> On Thu, Jun 19, 2014 at 11:23:24AM -0400, Tom Rini wrote:
>> On Thu, Jun 12, 2014 at 07:24:46AM -0600, Simon Glass wrote:
>>
>> > This file has code in three different categories:
>> > - Command processing
>> > - OS-specific boot code
>> > - Locating images and setting up to boot
>> >
>> > Only the first category really belongs in a file called cmd_bootm.c.
>> >
>> > Leave the command processing code where it is. Split out the OS-specific
>> > boot code into bootm_os.c. Split out the other code into bootm.c
>> >
>> > Header files and extern declarations are tidied but otherwise no code
>> > changes are made, to make it easier to review.
>> >
>> > Signed-off-by: Simon Glass <sjg@chromium.org>
>>
>> This, on am335x GP EVM doing UART booting (you can replicate the same on
>> beaglebone black with no SD card / nothing bootable on eMMC and holing
>> down the "user" button for the first boot, SYSBOOT pins will be set
>> until next hard power cycle) causes:
>> Sending /tmp/u-boot-spl.bin, 646 blocks: Give your local XMODEM receive
>> command now.
>> Bytes Sent:  82816   BPS:10461
>>
>> Transfer complete
>> Sending: u-boot.img
>> Ymodem sectors/kbytes sent: 3433/429kyzModem - CRC mode,
>> 4(SOH)/438(STX)/0(CAN) packets, 2 retries
>> Loaded 448676 bytes
>> No valid FDT found - please append one to U-Boot binary, use
>> u-boot-dtb.bin or define CONFIG_OF_EMBED. For sandbox, use -d <file.dtb>
>> initcall sequence 8085d568 failed at call 8083e678
>> ### ERROR ### Please RESET the board ###
>
> ... because I didn't use u-boot-dtb.img which is a functional change,
> which is why I then sent out and applied this morning a patch to move
> most of this support on am335x_evm to be under ENABLE_VBOOT.

Yes I was wondering whether you wanted things that way.

In this case I think the problem is that you need to download
'u-boot-dtb.img' instead. But there may be another problem.

Regards,
Simon

[U-Boot] [U-Boot, v2, 06/14] bootm: Split out code from cmd_bootm.c

[Tom Rini]

On Thu, Jun 19, 2014 at 05:27:51PM -0600, Simon Glass wrote:
> Hi Tom,
> 
> On 19 June 2014 09:31, Tom Rini <trini@ti.com> wrote:
> > On Thu, Jun 19, 2014 at 11:23:24AM -0400, Tom Rini wrote:
> >> On Thu, Jun 12, 2014 at 07:24:46AM -0600, Simon Glass wrote:
> >>
> >> > This file has code in three different categories:
> >> > - Command processing
> >> > - OS-specific boot code
> >> > - Locating images and setting up to boot
> >> >
> >> > Only the first category really belongs in a file called cmd_bootm.c.
> >> >
> >> > Leave the command processing code where it is. Split out the OS-specific
> >> > boot code into bootm_os.c. Split out the other code into bootm.c
> >> >
> >> > Header files and extern declarations are tidied but otherwise no code
> >> > changes are made, to make it easier to review.
> >> >
> >> > Signed-off-by: Simon Glass <sjg@chromium.org>
> >>
> >> This, on am335x GP EVM doing UART booting (you can replicate the same on
> >> beaglebone black with no SD card / nothing bootable on eMMC and holing
> >> down the "user" button for the first boot, SYSBOOT pins will be set
> >> until next hard power cycle) causes:
> >> Sending /tmp/u-boot-spl.bin, 646 blocks: Give your local XMODEM receive
> >> command now.
> >> Bytes Sent:  82816   BPS:10461
> >>
> >> Transfer complete
> >> Sending: u-boot.img
> >> Ymodem sectors/kbytes sent: 3433/429kyzModem - CRC mode,
> >> 4(SOH)/438(STX)/0(CAN) packets, 2 retries
> >> Loaded 448676 bytes
> >> No valid FDT found - please append one to U-Boot binary, use
> >> u-boot-dtb.bin or define CONFIG_OF_EMBED. For sandbox, use -d <file.dtb>
> >> initcall sequence 8085d568 failed at call 8083e678
> >> ### ERROR ### Please RESET the board ###
> >
> > ... because I didn't use u-boot-dtb.img which is a functional change,
> > which is why I then sent out and applied this morning a patch to move
> > most of this support on am335x_evm to be under ENABLE_VBOOT.
> 
> Yes I was wondering whether you wanted things that way.
> 
> In this case I think the problem is that you need to download
> 'u-boot-dtb.img' instead. But there may be another problem.

Right.  For today I'm not willing to change the default behavour.  But
I'm thinking the next time we add a new platform we think harder about
this (since one problem that needs thinking and fixing, or maybe just
louder documentation, is supporting N different platforms in a binary,
or at least a build, easily).

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20140620/42b98d87/attachment.pgp>