[PATCH 0/4] cmd: mvebu/bubt: Improvements for image verification

[PATCH 0/4] cmd: mvebu/bubt: Improvements for image verification

[Pali Rohár]

This patch series improves verification of bootable Marvell Armada
images in U-Boot bubt command before flashing into boot location.

Pali Rohár (4):
  cmd: mvebu/bubt: Verify image type for all 32-bit Aramda SoCs and
    Armada 3700
  cmd: mvebu/bubt: Correctly propagate failure during tftp transport
  cmd: mvebu/bubt: Add support for sha512 checksum validation for Armada
    3700
  cmd: mvebu/bubt: Fix cmd main return value on error

 cmd/mvebu/Kconfig |  1 +
 cmd/mvebu/bubt.c  | 98 +++++++++++++++++++++++++++++++----------------
 2 files changed, 67 insertions(+), 32 deletions(-)

-- 
2.20.1

[PATCH 1/4] cmd: mvebu/bubt: Verify image type for all 32-bit Aramda SoCs and Armada 3700

[Pali Rohár]

Current image type verification code is specific to 32-bit Armada SoCs but
used only for Armada 38x. Implement image type verification for Armada 3700
and enable Armada 38x image verification for all 32-bit Armada SoCs.

Signed-off-by: Pali Rohár <pali@kernel.org>
---
 cmd/mvebu/bubt.c | 74 +++++++++++++++++++++++++++++++-----------------
 1 file changed, 48 insertions(+), 26 deletions(-)

diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
index 1362c03bcee5..a05e22a5479c 100644
--- a/cmd/mvebu/bubt.c
+++ b/cmd/mvebu/bubt.c
@@ -56,6 +56,21 @@ struct mvebu_image_header {
 #define IMAGE_VERSION_3_6_0	0x030600
 #define IMAGE_VERSION_3_5_0	0x030500
 
+struct tim_boot_flash_sign {
+	unsigned int id;
+	const char *name;
+};
+
+struct tim_boot_flash_sign tim_boot_flash_signs[] = {
+	{ 0x454d4d08, "mmc"  },
+	{ 0x454d4d0b, "mmc"  },
+	{ 0x5350490a, "spi"  },
+	{ 0x5350491a, "nand" },
+	{ 0x55415223, "uart" },
+	{ 0x53415432, "sata" },
+	{},
+};
+
 struct common_tim_data {
 	u32	version;
 	u32	identifier;
@@ -83,7 +98,7 @@ struct mvebu_image_info {
 	u32	encrypt_start_offset;
 	u32	encrypt_size;
 };
-#endif
+#elif defined(CONFIG_ARMADA_32BIT)
 
 /* Structure of the main header, version 1 (Armada 370/XP/375/38x/39x) */
 struct a38x_main_hdr_v1 {
@@ -123,6 +138,8 @@ struct a38x_boot_mode a38x_boot_modes[] = {
 	{},
 };
 
+#endif
+
 struct bubt_dev {
 	char name[8];
 	size_t (*read)(const char *file_name);
@@ -635,7 +652,7 @@ static int check_image_header(void)
 
 	return 0;
 }
-#elif defined(CONFIG_ARMADA_38X)
+#elif defined(CONFIG_ARMADA_32BIT)
 static size_t a38x_header_size(const struct a38x_main_hdr_v1 *h)
 {
 	if (h->version == 1)
@@ -691,34 +708,39 @@ static int check_image_header(void)
 
 static int bubt_check_boot_mode(const struct bubt_dev *dst)
 {
-	if (IS_ENABLED(CONFIG_ARMADA_38X)) {
-		int mode;
-		const struct a38x_main_hdr_v1 *hdr =
-			(struct a38x_main_hdr_v1 *)get_load_addr();
-
-		for (mode = 0; mode < ARRAY_SIZE(a38x_boot_modes); mode++) {
-			if (strcmp(a38x_boot_modes[mode].name, dst->name) == 0)
-				break;
-		}
-
-		if (a38x_boot_modes[mode].id == hdr->blockid)
-			return 0;
+#if defined(CONFIG_ARMADA_3700) || defined(CONFIG_ARMADA_32BIT)
+	int mode;
+#if defined(CONFIG_ARMADA_3700)
+	const struct tim_boot_flash_sign *boot_modes = tim_boot_flash_signs;
+	const struct common_tim_data *hdr =
+		(struct common_tim_data *)get_load_addr();
+	u32 id = hdr->boot_flash_sign;
+#elif defined(CONFIG_ARMADA_32BIT)
+	const struct a38x_boot_mode *boot_modes = a38x_boot_modes;
+	const struct a38x_main_hdr_v1 *hdr =
+		(struct a38x_main_hdr_v1 *)get_load_addr();
+	u32 id = hdr->blockid;
+#endif
 
-		for (int i = 0; i < ARRAY_SIZE(a38x_boot_modes); i++) {
-			if (a38x_boot_modes[i].id == hdr->blockid) {
-				printf("Error: A38x image meant to be booted from "
-				       "\"%s\", not \"%s\"!\n",
-				       a38x_boot_modes[i].name, dst->name);
-				return -ENOEXEC;
-			}
-		}
+	for (mode = 0; boot_modes[mode].name; mode++) {
+		if (boot_modes[mode].id == id)
+			break;
+	}
 
-		printf("Error: unknown boot device in A38x image header: "
-		       "0x%x\n", hdr->blockid);
+	if (!boot_modes[mode].name) {
+		printf("Error: unknown boot device in image header: 0x%x\n", id);
 		return -ENOEXEC;
-	} else {
-		return 0;
 	}
+
+	if (strcmp(boot_modes[mode].name, dst->name) == 0)
+		return 0;
+
+	printf("Error: image meant to be booted from \"%s\", not \"%s\"!\n",
+	       boot_modes[mode].name, dst->name);
+	return -ENOEXEC;
+#else
+	return 0;
+#endif
 }
 
 static int bubt_verify(const struct bubt_dev *dst)
-- 
2.20.1

[PATCH 2/4] cmd: mvebu/bubt: Correctly propagate failure during tftp transport

[Pali Rohár]

net_loop() returns signed int type and negative value represents error.
tftp_read_file() returns unsigned size_t type and zero value represents
error. Casting signed negative value to unsigned size_t type cause losing
information about error and bubt thinks that no error happened, and
continue erasing SPI-NOR which cause malfunction device.

Fix this issue by correctly propagating failure during tftp transport.

With this change when there is no eth link, bubt does not erase SPI-NOR
anymore.

  => bubt
  Burning U-Boot image "flash-image.bin" from "tftp" to "spi"
  ethernet@30000 Waiting for PHY auto negotiation to complete......... TIMEOUT !
  ethernet@30000: No link.
  Error: Failed to read file flash-image.bin from tftp

Signed-off-by: Pali Rohár <pali@kernel.org>
---
 cmd/mvebu/bubt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
index a05e22a5479c..2924b1539f32 100644
--- a/cmd/mvebu/bubt.c
+++ b/cmd/mvebu/bubt.c
@@ -455,11 +455,14 @@ static int is_usb_active(void)
 #ifdef CONFIG_CMD_NET
 static size_t tftp_read_file(const char *file_name)
 {
+	int ret;
+
 	/*
 	 * update global variable image_load_addr before tftp file from network
 	 */
 	image_load_addr = get_load_addr();
-	return net_loop(TFTPGET);
+	ret = net_loop(TFTPGET);
+	return ret > 0 ? ret : 0;
 }
 
 static int is_tftp_active(void)
-- 
2.20.1

[PATCH 3/4] cmd: mvebu/bubt: Add support for sha512 checksum validation for Armada 3700

[Pali Rohár]

Armada 3700 BootROM supports also images with sha512 checksums and
mox-imager tool [1] generates such bootable images. Without sha512 support
U-Boot bubt command just prints error message:

  Error: Unsupported hash_algorithm_id = 64
  Error: Image header verification failed

This patch adds support for sha512 checksum validation for Armada 3700
images. With it bubt prints:

  Image checksum...OK!

[1] - https://gitlab.nic.cz/turris/mox-boot-builder.git

Signed-off-by: Pali Rohár <pali@kernel.org>
---
 cmd/mvebu/Kconfig | 1 +
 cmd/mvebu/bubt.c  | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/cmd/mvebu/Kconfig b/cmd/mvebu/Kconfig
index 39963db82c98..120397d6d4d0 100644
--- a/cmd/mvebu/Kconfig
+++ b/cmd/mvebu/Kconfig
@@ -4,6 +4,7 @@ depends on ARCH_MVEBU
 config CMD_MVEBU_BUBT
 	bool "bubt"
 	select SHA256 if ARMADA_3700
+	select SHA512 if ARMADA_3700
 	help
 	  bubt - Burn a u-boot image to flash
 	  For details about bubt command please see the documentation
diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
index 2924b1539f32..276069a0efc2 100644
--- a/cmd/mvebu/bubt.c
+++ b/cmd/mvebu/bubt.c
@@ -26,6 +26,7 @@
 #endif
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
+#include <u-boot/sha512.h>
 
 #if defined(CONFIG_ARMADA_8K)
 #define MAIN_HDR_MAGIC		0xB105B002
@@ -566,8 +567,10 @@ static int check_image_header(void)
 	int image_num;
 	u8 hash_160_output[SHA1_SUM_LEN];
 	u8 hash_256_output[SHA256_SUM_LEN];
+	u8 hash_512_output[SHA512_SUM_LEN];
 	sha1_context hash1_text;
 	sha256_context hash256_text;
+	sha512_context hash512_text;
 	u8 *hash_output;
 	u32 hash_algorithm_id;
 	u32 image_size_to_hash;
@@ -637,6 +640,12 @@ static int check_image_header(void)
 			sha256_finish(&hash256_text, hash_256_output);
 			hash_output = hash_256_output;
 			break;
+		case SHA512_SUM_LEN:
+			sha512_starts(&hash512_text);
+			sha512_update(&hash512_text, buff, image_size_to_hash);
+			sha512_finish(&hash512_text, hash_512_output);
+			hash_output = hash_512_output;
+			break;
 		default:
 			printf("Error: Unsupported hash_algorithm_id = %d\n",
 			       hash_algorithm_id);
-- 
2.20.1

[PATCH 4/4] cmd: mvebu/bubt: Fix cmd main return value on error

[Pali Rohár]

Negative return value from cmd main function cause U-Boot to print criplic
error message: exit not allowed from main input shell.

Set return value on error to 1.

Signed-off-by: Pali Rohár <pali@kernel.org>
---
 cmd/mvebu/bubt.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
index 276069a0efc2..ffa05bc20181 100644
--- a/cmd/mvebu/bubt.c
+++ b/cmd/mvebu/bubt.c
@@ -870,11 +870,11 @@ int do_bubt_cmd(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
 	dst = find_bubt_dev(dst_dev_name);
 	if (!dst) {
 		printf("Error: Unknown destination \"%s\"\n", dst_dev_name);
-		return -EINVAL;
+		return 1;
 	}
 
 	if (!bubt_is_dev_active(dst))
-		return -ENODEV;
+		return 1;
 
 	/* Figure out the source device */
 	src = find_bubt_dev(src_dev_name);
@@ -891,15 +891,15 @@ int do_bubt_cmd(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
 
 	image_size = bubt_read_file(src);
 	if (!image_size)
-		return -EIO;
+		return 1;
 
 	err = bubt_verify(dst);
 	if (err)
-		return err;
+		return 1;
 
 	err = bubt_write_file(dst, image_size);
 	if (err)
-		return err;
+		return 1;
 
 	return 0;
 }
-- 
2.20.1

Re: [PATCH 1/4] cmd: mvebu/bubt: Verify image type for all 32-bit Aramda SoCs and Armada 3700

[Stefan Roese]

On 26.07.22 16:11, Pali Rohár wrote:
> Current image type verification code is specific to 32-bit Armada SoCs but
> used only for Armada 38x. Implement image type verification for Armada 3700
> and enable Armada 38x image verification for all 32-bit Armada SoCs.
> 
> Signed-off-by: Pali Rohár <pali@kernel.org>

Reviewed-by: Stefan Roese <sr@denx.de>

Thanks,
Stefan

> ---
>   cmd/mvebu/bubt.c | 74 +++++++++++++++++++++++++++++++-----------------
>   1 file changed, 48 insertions(+), 26 deletions(-)
> 
> diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
> index 1362c03bcee5..a05e22a5479c 100644
> --- a/cmd/mvebu/bubt.c
> +++ b/cmd/mvebu/bubt.c
> @@ -56,6 +56,21 @@ struct mvebu_image_header {
>   #define IMAGE_VERSION_3_6_0	0x030600
>   #define IMAGE_VERSION_3_5_0	0x030500
>   
> +struct tim_boot_flash_sign {
> +	unsigned int id;
> +	const char *name;
> +};
> +
> +struct tim_boot_flash_sign tim_boot_flash_signs[] = {
> +	{ 0x454d4d08, "mmc"  },
> +	{ 0x454d4d0b, "mmc"  },
> +	{ 0x5350490a, "spi"  },
> +	{ 0x5350491a, "nand" },
> +	{ 0x55415223, "uart" },
> +	{ 0x53415432, "sata" },
> +	{},
> +};
> +
>   struct common_tim_data {
>   	u32	version;
>   	u32	identifier;
> @@ -83,7 +98,7 @@ struct mvebu_image_info {
>   	u32	encrypt_start_offset;
>   	u32	encrypt_size;
>   };
> -#endif
> +#elif defined(CONFIG_ARMADA_32BIT)
>   
>   /* Structure of the main header, version 1 (Armada 370/XP/375/38x/39x) */
>   struct a38x_main_hdr_v1 {
> @@ -123,6 +138,8 @@ struct a38x_boot_mode a38x_boot_modes[] = {
>   	{},
>   };
>   
> +#endif
> +
>   struct bubt_dev {
>   	char name[8];
>   	size_t (*read)(const char *file_name);
> @@ -635,7 +652,7 @@ static int check_image_header(void)
>   
>   	return 0;
>   }
> -#elif defined(CONFIG_ARMADA_38X)
> +#elif defined(CONFIG_ARMADA_32BIT)
>   static size_t a38x_header_size(const struct a38x_main_hdr_v1 *h)
>   {
>   	if (h->version == 1)
> @@ -691,34 +708,39 @@ static int check_image_header(void)
>   
>   static int bubt_check_boot_mode(const struct bubt_dev *dst)
>   {
> -	if (IS_ENABLED(CONFIG_ARMADA_38X)) {
> -		int mode;
> -		const struct a38x_main_hdr_v1 *hdr =
> -			(struct a38x_main_hdr_v1 *)get_load_addr();
> -
> -		for (mode = 0; mode < ARRAY_SIZE(a38x_boot_modes); mode++) {
> -			if (strcmp(a38x_boot_modes[mode].name, dst->name) == 0)
> -				break;
> -		}
> -
> -		if (a38x_boot_modes[mode].id == hdr->blockid)
> -			return 0;
> +#if defined(CONFIG_ARMADA_3700) || defined(CONFIG_ARMADA_32BIT)
> +	int mode;
> +#if defined(CONFIG_ARMADA_3700)
> +	const struct tim_boot_flash_sign *boot_modes = tim_boot_flash_signs;
> +	const struct common_tim_data *hdr =
> +		(struct common_tim_data *)get_load_addr();
> +	u32 id = hdr->boot_flash_sign;
> +#elif defined(CONFIG_ARMADA_32BIT)
> +	const struct a38x_boot_mode *boot_modes = a38x_boot_modes;
> +	const struct a38x_main_hdr_v1 *hdr =
> +		(struct a38x_main_hdr_v1 *)get_load_addr();
> +	u32 id = hdr->blockid;
> +#endif
>   
> -		for (int i = 0; i < ARRAY_SIZE(a38x_boot_modes); i++) {
> -			if (a38x_boot_modes[i].id == hdr->blockid) {
> -				printf("Error: A38x image meant to be booted from "
> -				       "\"%s\", not \"%s\"!\n",
> -				       a38x_boot_modes[i].name, dst->name);
> -				return -ENOEXEC;
> -			}
> -		}
> +	for (mode = 0; boot_modes[mode].name; mode++) {
> +		if (boot_modes[mode].id == id)
> +			break;
> +	}
>   
> -		printf("Error: unknown boot device in A38x image header: "
> -		       "0x%x\n", hdr->blockid);
> +	if (!boot_modes[mode].name) {
> +		printf("Error: unknown boot device in image header: 0x%x\n", id);
>   		return -ENOEXEC;
> -	} else {
> -		return 0;
>   	}
> +
> +	if (strcmp(boot_modes[mode].name, dst->name) == 0)
> +		return 0;
> +
> +	printf("Error: image meant to be booted from \"%s\", not \"%s\"!\n",
> +	       boot_modes[mode].name, dst->name);
> +	return -ENOEXEC;
> +#else
> +	return 0;
> +#endif
>   }
>   
>   static int bubt_verify(const struct bubt_dev *dst)

Viele Grüße,
Stefan Roese

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr@denx.de

Re: [PATCH 2/4] cmd: mvebu/bubt: Correctly propagate failure during tftp transport

[Stefan Roese]

On 26.07.22 16:11, Pali Rohár wrote:
> net_loop() returns signed int type and negative value represents error.
> tftp_read_file() returns unsigned size_t type and zero value represents
> error. Casting signed negative value to unsigned size_t type cause losing
> information about error and bubt thinks that no error happened, and
> continue erasing SPI-NOR which cause malfunction device.
> 
> Fix this issue by correctly propagating failure during tftp transport.
> 
> With this change when there is no eth link, bubt does not erase SPI-NOR
> anymore.
> 
>    => bubt
>    Burning U-Boot image "flash-image.bin" from "tftp" to "spi"
>    ethernet@30000 Waiting for PHY auto negotiation to complete......... TIMEOUT !
>    ethernet@30000: No link.
>    Error: Failed to read file flash-image.bin from tftp
> 
> Signed-off-by: Pali Rohár <pali@kernel.org>

Reviewed-by: Stefan Roese <sr@denx.de>

Thanks,
Stefan

> ---
>   cmd/mvebu/bubt.c | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
> index a05e22a5479c..2924b1539f32 100644
> --- a/cmd/mvebu/bubt.c
> +++ b/cmd/mvebu/bubt.c
> @@ -455,11 +455,14 @@ static int is_usb_active(void)
>   #ifdef CONFIG_CMD_NET
>   static size_t tftp_read_file(const char *file_name)
>   {
> +	int ret;
> +
>   	/*
>   	 * update global variable image_load_addr before tftp file from network
>   	 */
>   	image_load_addr = get_load_addr();
> -	return net_loop(TFTPGET);
> +	ret = net_loop(TFTPGET);
> +	return ret > 0 ? ret : 0;
>   }
>   
>   static int is_tftp_active(void)

Viele Grüße,
Stefan Roese

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr@denx.de

Re: [PATCH 3/4] cmd: mvebu/bubt: Add support for sha512 checksum validation for Armada 3700

[Stefan Roese]

On 26.07.22 16:11, Pali Rohár wrote:
> Armada 3700 BootROM supports also images with sha512 checksums and
> mox-imager tool [1] generates such bootable images. Without sha512 support
> U-Boot bubt command just prints error message:
> 
>    Error: Unsupported hash_algorithm_id = 64
>    Error: Image header verification failed
> 
> This patch adds support for sha512 checksum validation for Armada 3700
> images. With it bubt prints:
> 
>    Image checksum...OK!
> 
> [1] - https://gitlab.nic.cz/turris/mox-boot-builder.git
> 
> Signed-off-by: Pali Rohár <pali@kernel.org>

Reviewed-by: Stefan Roese <sr@denx.de>

Thanks,
Stefan

> ---
>   cmd/mvebu/Kconfig | 1 +
>   cmd/mvebu/bubt.c  | 9 +++++++++
>   2 files changed, 10 insertions(+)
> 
> diff --git a/cmd/mvebu/Kconfig b/cmd/mvebu/Kconfig
> index 39963db82c98..120397d6d4d0 100644
> --- a/cmd/mvebu/Kconfig
> +++ b/cmd/mvebu/Kconfig
> @@ -4,6 +4,7 @@ depends on ARCH_MVEBU
>   config CMD_MVEBU_BUBT
>   	bool "bubt"
>   	select SHA256 if ARMADA_3700
> +	select SHA512 if ARMADA_3700
>   	help
>   	  bubt - Burn a u-boot image to flash
>   	  For details about bubt command please see the documentation
> diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
> index 2924b1539f32..276069a0efc2 100644
> --- a/cmd/mvebu/bubt.c
> +++ b/cmd/mvebu/bubt.c
> @@ -26,6 +26,7 @@
>   #endif
>   #include <u-boot/sha1.h>
>   #include <u-boot/sha256.h>
> +#include <u-boot/sha512.h>
>   
>   #if defined(CONFIG_ARMADA_8K)
>   #define MAIN_HDR_MAGIC		0xB105B002
> @@ -566,8 +567,10 @@ static int check_image_header(void)
>   	int image_num;
>   	u8 hash_160_output[SHA1_SUM_LEN];
>   	u8 hash_256_output[SHA256_SUM_LEN];
> +	u8 hash_512_output[SHA512_SUM_LEN];
>   	sha1_context hash1_text;
>   	sha256_context hash256_text;
> +	sha512_context hash512_text;
>   	u8 *hash_output;
>   	u32 hash_algorithm_id;
>   	u32 image_size_to_hash;
> @@ -637,6 +640,12 @@ static int check_image_header(void)
>   			sha256_finish(&hash256_text, hash_256_output);
>   			hash_output = hash_256_output;
>   			break;
> +		case SHA512_SUM_LEN:
> +			sha512_starts(&hash512_text);
> +			sha512_update(&hash512_text, buff, image_size_to_hash);
> +			sha512_finish(&hash512_text, hash_512_output);
> +			hash_output = hash_512_output;
> +			break;
>   		default:
>   			printf("Error: Unsupported hash_algorithm_id = %d\n",
>   			       hash_algorithm_id);

Viele Grüße,
Stefan Roese

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr@denx.de

Re: [PATCH 4/4] cmd: mvebu/bubt: Fix cmd main return value on error

[Stefan Roese]

On 26.07.22 16:11, Pali Rohár wrote:
> Negative return value from cmd main function cause U-Boot to print criplic
> error message: exit not allowed from main input shell.
> 
> Set return value on error to 1.
> 
> Signed-off-by: Pali Rohár <pali@kernel.org>

Reviewed-by: Stefan Roese <sr@denx.de>

Thanks,
Stefan

> ---
>   cmd/mvebu/bubt.c | 10 +++++-----
>   1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
> index 276069a0efc2..ffa05bc20181 100644
> --- a/cmd/mvebu/bubt.c
> +++ b/cmd/mvebu/bubt.c
> @@ -870,11 +870,11 @@ int do_bubt_cmd(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
>   	dst = find_bubt_dev(dst_dev_name);
>   	if (!dst) {
>   		printf("Error: Unknown destination \"%s\"\n", dst_dev_name);
> -		return -EINVAL;
> +		return 1;
>   	}
>   
>   	if (!bubt_is_dev_active(dst))
> -		return -ENODEV;
> +		return 1;
>   
>   	/* Figure out the source device */
>   	src = find_bubt_dev(src_dev_name);
> @@ -891,15 +891,15 @@ int do_bubt_cmd(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
>   
>   	image_size = bubt_read_file(src);
>   	if (!image_size)
> -		return -EIO;
> +		return 1;
>   
>   	err = bubt_verify(dst);
>   	if (err)
> -		return err;
> +		return 1;
>   
>   	err = bubt_write_file(dst, image_size);
>   	if (err)
> -		return err;
> +		return 1;
>   
>   	return 0;
>   }

Viele Grüße,
Stefan Roese

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr@denx.de

Re: [PATCH 0/4] cmd: mvebu/bubt: Improvements for image verification

[Stefan Roese]

On 26.07.22 16:11, Pali Rohár wrote:
> This patch series improves verification of bootable Marvell Armada
> images in U-Boot bubt command before flashing into boot location.
> 
> Pali Rohár (4):
>    cmd: mvebu/bubt: Verify image type for all 32-bit Aramda SoCs and
>      Armada 3700
>    cmd: mvebu/bubt: Correctly propagate failure during tftp transport
>    cmd: mvebu/bubt: Add support for sha512 checksum validation for Armada
>      3700
>    cmd: mvebu/bubt: Fix cmd main return value on error
> 
>   cmd/mvebu/Kconfig |  1 +
>   cmd/mvebu/bubt.c  | 98 +++++++++++++++++++++++++++++++----------------
>   2 files changed, 67 insertions(+), 32 deletions(-)
> 

Applied to u-boot-marvell/master

Thanks,
Stefan