[PATCH v2] spl: Add callback for preprocessing loaded FIT header before parsing

From: Farhan Ali <farhan.ali@broadcom.com>
To: u-boot@lists.denx.de
Subject: [PATCH v2] spl: Add callback for preprocessing loaded FIT header before parsing
Date: Tue,  9 Mar 2021 15:55:30 -0800	[thread overview]
Message-ID: <20210309235530.184179-1-farhan.ali@broadcom.com> (raw)
In-Reply-To: <20210224232531.22899-1-farhan.ali@broadcom.com>

This change adds a callback for preprocessing the FIT header before
it is parsed. There are 3 main reasons for this callback:

(1) If a vulnerability is discovered in the FIT parsing/loading code,
or libfdt, this callback allows users to scan the FIT header for
specific exploit signatures and prevent flashing/booting of the image

(2) If users want to implement a single signature which covers the
entire FIT header, which is then appended to the end of the header,
then this callback can be used to authenticate that signature.

(3) If users want to check the FIT header contents against specific
metadata stored outside the FIT header, then this callback allows
them to do that.

Signed-off-by: Farhan Ali <farhan.ali@broadcom.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Philippe Reynes <philippe.reynes@softathome.com>
Cc: Samuel Holland <samuel@sholland.org>

---
Changes for v2:
   - Callback now returns a value
   - Added a log message on failure
---
 common/spl/spl_fit.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index 75c8ff0..01aee1c 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -43,6 +43,14 @@ __weak ulong board_spl_fit_size_align(ulong size)
 	return size;
 }
 
+__weak int board_spl_fit_pre_load(struct spl_load_info *load_info,
+				  const void *fit,
+				  ulong start_sector,
+				  ulong loaded_sector_count)
+{
+	return 0;
+}
+
 static int find_node_from_desc(const void *fit, int node, const char *str)
 {
 	int child;
@@ -527,6 +535,7 @@ static int spl_simple_fit_read(struct spl_fit_info *ctx,
 	unsigned long count, size;
 	int sectors;
 	void *buf;
+	int rc = 0;
 
 	/*
 	 * For FIT with external data, figure out where the external images
@@ -552,7 +561,18 @@ static int spl_simple_fit_read(struct spl_fit_info *ctx,
 	debug("fit read sector %lx, sectors=%d, dst=%p, count=%lu, size=0x%lx\n",
 	      sector, sectors, buf, count, size);
 
-	return (count == 0) ? -EIO : 0;
+	if (count) {
+		/* preprocess loaded fit header before parsing and loading binaries */
+		rc = board_spl_fit_pre_load(info, fit_header, sector, sectors);
+		if (rc) {
+			debug("%s: fit header pre processing failed. rc=%d\n",
+			      __func__, rc);
+		}
+	} else {
+		rc = -EIO;
+	}
+
+	return rc;
 }
 
 static int spl_simple_fit_parse(struct spl_fit_info *ctx)
-- 
1.8.3.1
