From patchwork Fri Oct 27 06:04:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahiro Yamada X-Patchwork-Id: 117285 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp389394qgn; Thu, 26 Oct 2017 23:06:34 -0700 (PDT) X-Google-Smtp-Source: ABhQp+S3rxMi0xiulF+9bJY9jeMsMJ1scD+yqRYenmlNtJZeiS29D/FhgmcWPiWQ0SlAHyH6jRE7 X-Received: by 10.80.157.199 with SMTP id l7mr31099578edk.170.1509084394232; Thu, 26 Oct 2017 23:06:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509084394; cv=none; d=google.com; s=arc-20160816; b=ZktBCW9qFAjNTQD07G0tUD3k5PeKJRU0OU6zZvjolGLsUi8E+iloBka4PM3EpJq/KB 2qWChNtXpoADDtLqIAXLHhntVoWztRjESG90/COWUftnqRiL2UhzTeZFRXkioZXLylew n8/OMQHcWjdUizQ8WTXxXHEws0HeoKz/aC1mxAm5kP8NfMyMIV4Al4eBtPsj5WcFC/Ap odTJ2xMCm6VnrCouE29K10EL4z7cQNCLH6tEcg4do347A9itdC/nESEiWFUWg6zFJUUM L9rY92XmFgn/TG06ccKUb6jc9pVkxPEI1E9zNmjXVfIGwYwSduXGFPOwnIaqzLOb4PC+ xlKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:message-id:date:to:from :dkim-signature:dkim-filter:arc-authentication-results; bh=lj5nA+fJ9jx0U9RGB7wjPZaJJdmFzRMyGJGHVcuK8z4=; b=ea3nbVwu6pgTK3mqELPzRBpQ+06S9XgWP5gXnzBwVCrZdT6s8Nns5SKvyOLcNkb8Y2 4EPzmRwB7hxuCPUgYLYDJ6srGudKJWLjERNX2TC7xaqxAGLmQQGhXjQL32/qRz3LoWXb BN7C4krT7GiMZ8T5WLrGb0rCapos787d7ZdSLB1v/r51HYJyEGKfdYrq+hoXDRyRVwtK OjeWS/QF1Km6y5S76h3whsKku40oZLS6K8s8Qur5dk1NcNTUnutTUtLzD81ZAlykJBNv X1v8DicAn6oSuH1v7GmJK5hea+UiYB59Z4TEQS+TxRI42srJ7pDETVEbXwauh4llCjbC dhhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@nifty.com header.s=dec2015msa header.b=irJp246Z; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id l9si4140300edf.545.2017.10.26.23.06.33; Thu, 26 Oct 2017 23:06:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@nifty.com header.s=dec2015msa header.b=irJp246Z; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by lists.denx.de (Postfix, from userid 105) id B412EC21D63; Fri, 27 Oct 2017 06:06:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id AD45CC21CEC; Fri, 27 Oct 2017 06:05:25 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 51FB8C21C29; Fri, 27 Oct 2017 06:05:23 +0000 (UTC) Received: from conuserg-07.nifty.com (conuserg-07.nifty.com [210.131.2.74]) by lists.denx.de (Postfix) with ESMTPS id CAC96C21C34 for ; Fri, 27 Oct 2017 06:05:21 +0000 (UTC) Received: from pug.e01.socionext.com (p14092-ipngnfx01kyoto.kyoto.ocn.ne.jp [153.142.97.92]) (authenticated) by conuserg-07.nifty.com with ESMTP id v9R64Ogu013972; Fri, 27 Oct 2017 15:04:24 +0900 DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-07.nifty.com v9R64Ogu013972 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com; s=dec2015msa; t=1509084264; bh=8ApH3odgDBE25fj2NnwdpMTfZ8of8LkRx3jVFZOhPU0=; h=From:To:Cc:Subject:Date:From; b=irJp246ZsbLO52bxmzXcr0AMRTbHlKbhdAvnE8qdgoqwh1Z9mZPvqlKQ/bX3ap0iw 0YjjtbuXsWGg2vKj/4kebEwF3pNfL6UwVuaKivAOIeriYYpSUlQltGVpY3o3Z3uuF9 rxvt2IrUMKkJwXpa9cHbx+YliTz9/Su6XNsZRi1eolCqx6czOPqy2grm/407oa/Rjc Qq8ReIbC78dp6IAV2MpCPkX2zeeWuITVgEUo1HU+RSpmYASxO4e902IrCOdmWzUF3l 2xVC/PIO+jHxdQxqkmO7UIKrq9qvXgRNU/L0iXByxFJ6Ri06wFKBRR4PbfvdCJntP6 /sXKhpjAHJwKg== X-Nifty-SrcIP: [153.142.97.92] From: Masahiro Yamada To: u-boot@lists.denx.de Date: Fri, 27 Oct 2017 15:04:20 +0900 Message-Id: <1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com> X-Mailer: git-send-email 2.7.4 Cc: Tom Rini Subject: [U-Boot] [PATCH 1/2] tools: image: allow to sign image nodes without -K option X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada --- tools/image-host.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tools/image-host.c b/tools/image-host.c index ad9a73a..d42c1ca 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -242,18 +242,19 @@ static int fit_image_process_sig(const char *keydir, void *keydest, /* Get keyname again, as FDT has changed and invalidated our pointer */ info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); - if (keydest) - ret = info.crypto->add_verify_data(&info, keydest); - else - return -1; - /* * Write the public key into the supplied FDT file; this might fail * several times, since we try signing with successively increasing * size values */ - if (keydest && ret) - return ret; + if (keydest) { + ret = info.crypto->add_verify_data(&info, keydest); + if (ret) { + printf("Failed to add verification data for '%s' signature node in '%s' image node\n", + node_name, image_name); + return ret; + } + } return 0; }