Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-30 08:07:59 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fit_check_sign: Allow selecting the configuration to verify

Browse source 
This tool always verifies the default configuration. It is useful to be
able to verify a specific one. Add a command-line flag for this and plumb
the logic through.

Signed-off-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Simon Glass 2020-03-18 11:44:03 -06:00
parent 8a9d03732e
commit c3aa81e35c
3 changed files with 12 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
tools/fdt_host.h
View file

@ -27,6 +27,7 @@
*/ */
int fdt_remove_unused_strings(const void *old, void *new); int fdt_remove_unused_strings(const void *old, void *new);
int fit_check_sign(const void *working_fdt, const void *key); int fit_check_sign(const void *fit, const void *key,
const char *fit_uname_config);
#endif /* __FDT_HOST_H__ */ #endif /* __FDT_HOST_H__ */

8
tools/fit_check_sign.c
View file

@ -41,6 +41,7 @@ int main(int argc, char **argv)
void *fit_blob; void *fit_blob;
char *fdtfile = NULL; char *fdtfile = NULL;
char *keyfile = NULL; char *keyfile = NULL;
char *config_name = NULL;
char cmdname[256]; char cmdname[256];
int ret; int ret;
void *key_blob; void *key_blob;
@ -48,7 +49,7 @@ int main(int argc, char **argv)
strncpy(cmdname, *argv, sizeof(cmdname) - 1); strncpy(cmdname, *argv, sizeof(cmdname) - 1);
cmdname[sizeof(cmdname) - 1] = '\0'; cmdname[sizeof(cmdname) - 1] = '\0';
while ((c = getopt(argc, argv, "f:k:")) != -1) while ((c = getopt(argc, argv, "f:k:c:")) != -1)
switch (c) { switch (c) {
case 'f': case 'f':
fdtfile = optarg; fdtfile = optarg;
@ -56,6 +57,9 @@ int main(int argc, char **argv)
case 'k': case 'k':
keyfile = optarg; keyfile = optarg;
break; break;
case 'c':
config_name = optarg;
break;
default: default:
usage(cmdname); usage(cmdname);
break; break;
@ -78,7 +82,7 @@ int main(int argc, char **argv)
return EXIT_FAILURE; return EXIT_FAILURE;
image_set_host_blob(key_blob); image_set_host_blob(key_blob);
ret = fit_check_sign(fit_blob, key_blob); ret = fit_check_sign(fit_blob, key_blob, config_name);
if (!ret) { if (!ret) {
ret = EXIT_SUCCESS; ret = EXIT_SUCCESS;
fprintf(stderr, "Signature check OK\n"); fprintf(stderr, "Signature check OK\n");

6
tools/image-host.c
View file

@ -1025,12 +1025,13 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
} }
#ifdef CONFIG_FIT_SIGNATURE #ifdef CONFIG_FIT_SIGNATURE
int fit_check_sign(const void *fit, const void *key) int fit_check_sign(const void *fit, const void *key,
const char *fit_uname_config)
{ {
int cfg_noffset; int cfg_noffset;
int ret; int ret;
cfg_noffset = fit_conf_get_node(fit, NULL); cfg_noffset = fit_conf_get_node(fit, fit_uname_config);
if (!cfg_noffset) if (!cfg_noffset)
return -1; return -1;
@ -1039,6 +1040,7 @@ int fit_check_sign(const void *fit, const void *key)
ret = fit_config_verify(fit, cfg_noffset); ret = fit_config_verify(fit, cfg_noffset);
if (ret) if (ret)
return ret; return ret;
printf("Verified OK, loading images\n");
ret = bootm_host_load_images(fit, cfg_noffset); ret = bootm_host_load_images(fit, cfg_noffset);
return ret; return ret;