aboutsummaryrefslogtreecommitdiffstats
path: root/package/system/fwtool
Commit message (Collapse)AuthorAgeFilesLines
* fwtool: do not omit final 16 byte when image does not contain signatureJo-Philipp Wich2019-10-172-2/+4
| | | | | | | | | | | | | | | | | | The fwutil command will interpret the final 16 byte of a given firmware image files as "struct fwimage_trailer". In case these bytes do look like a valid trailer, we must ensure that we print them out along with the remainder of the image to not accidentally truncate non-trailer-images by 16 bytes when they're piped through fwtool, e.g. as part of an image verification command sequence. Some command sequences pipe images through fwtool in order to strip any possible metadata, certificate or signature trailers and do not expect bare images without any of that metadata to get truncated as other non- fwtool specific metadata is expected at the end of the file, e.g. an information block with an md5sum in case of the combined image format. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* fwtool: add support for extracting the truncated data part to stdoutFelix Fietkau2019-02-121-2/+23
| | | | | | | This allows extracing the firmware + metadata from a signed firmware without altering the original image file Signed-off-by: Felix Fietkau <nbd@nbd.name>
* fwtool: do not strip metadata if extracting signatureFelix Fietkau2019-02-121-1/+3
| | | | | | This allows the signature to cover the metadata area Signed-off-by: Felix Fietkau <nbd@nbd.name>
* fwtool: add utility for appending and extracting firmware metadata/signaturesFelix Fietkau2016-11-195-0/+693
This will be used to append extra information to images which allows the system to verify if an image is compatible with the system. The extra data is appended to the end of the image, where it will be ignored when upgrading from systems that do not process this data yet: If the image is a squashfs or jffs2 image, the extra data will land after the end-of-filesystem marker, where it will be overwritten once the system boots for the first timee. If the image is a sysupgrade tar file, tar will simply ignore the extra data when unpacking. The layout of the metadata/signature chunks is constructed in a way that the last part contains just a magic and size information, so that the tool can quickly check if any valid data is present without having to do a pattern search throughout the full image. Chunks also contain CRC32 information to detect file corruption, even when the image is not signed. Signed-off-by: Felix Fietkau <nbd@nbd.name>