1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
From 77b652268cacc0f114ba9e92b79e7ff372ec62ee Mon Sep 17 00:00:00 2001
From: Simon Glass <sjg@chromium.org>
Date: Tue, 31 Mar 2020 18:43:55 +0200
Subject: [PATCH] fit_check_sign: Allow selecting the configuration to verify
This tool always verifies the default configuration. It is useful to be
able to verify a specific one. Add a command-line flag for this and plumb
the logic through.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
---
tools/fdt_host.h | 3 ++-
tools/fit_check_sign.c | 8 ++++++--
tools/image-host.c | 6 ++++--
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/tools/fdt_host.h b/tools/fdt_host.h
index 99b009b22109..15c07c7a96ed 100644
--- a/tools/fdt_host.h
+++ b/tools/fdt_host.h
@@ -27,6 +27,7 @@
*/
int fdt_remove_unused_strings(const void *old, void *new);
-int fit_check_sign(const void *working_fdt, const void *key);
+int fit_check_sign(const void *fit, const void *key,
+ const char *fit_uname_config);
#endif /* __FDT_HOST_H__ */
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 62adc751cbce..303e878ddb4d 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -41,6 +41,7 @@ int main(int argc, char **argv)
void *fit_blob;
char *fdtfile = NULL;
char *keyfile = NULL;
+ char *config_name = NULL;
char cmdname[256];
int ret;
void *key_blob;
@@ -48,7 +49,7 @@ int main(int argc, char **argv)
strncpy(cmdname, *argv, sizeof(cmdname) - 1);
cmdname[sizeof(cmdname) - 1] = '\0';
- while ((c = getopt(argc, argv, "f:k:")) != -1)
+ while ((c = getopt(argc, argv, "f:k:c:")) != -1)
switch (c) {
case 'f':
fdtfile = optarg;
@@ -56,6 +57,9 @@ int main(int argc, char **argv)
case 'k':
keyfile = optarg;
break;
+ case 'c':
+ config_name = optarg;
+ break;
default:
usage(cmdname);
break;
@@ -78,7 +82,7 @@ int main(int argc, char **argv)
return EXIT_FAILURE;
image_set_host_blob(key_blob);
- ret = fit_check_sign(fit_blob, key_blob);
+ ret = fit_check_sign(fit_blob, key_blob, config_name);
if (!ret) {
ret = EXIT_SUCCESS;
fprintf(stderr, "Signature check OK\n");
diff --git a/tools/image-host.c b/tools/image-host.c
index 8e94ee8f3e31..28474bc7fc8b 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -734,12 +734,13 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
}
#ifdef CONFIG_FIT_SIGNATURE
-int fit_check_sign(const void *fit, const void *key)
+int fit_check_sign(const void *fit, const void *key,
+ const char *fit_uname_config)
{
int cfg_noffset;
int ret;
- cfg_noffset = fit_conf_get_node(fit, NULL);
+ cfg_noffset = fit_conf_get_node(fit, fit_uname_config);
if (!cfg_noffset)
return -1;
@@ -748,6 +749,7 @@ int fit_check_sign(const void *fit, const void *key)
ret = fit_config_verify(fit, cfg_noffset);
if (ret)
return ret;
+ printf("Verified OK, loading images\n");
ret = bootm_host_load_images(fit, cfg_noffset);
return ret;
--
2.17.1
|