From patchwork Wed Mar 18 17:44:03 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass
X-Patchwork-Id: 243862
List-Id: U-Boot discussion
From: sjg at chromium.org (Simon Glass)
Date: Wed, 18 Mar 2020 11:44:03 -0600
Subject: [PATCH v2 09/14] fit_check_sign: Allow selecting the configuration to verify
In-Reply-To: <20200318174408.77473-1-sjg@chromium.org>
References: <20200318174408.77473-1-sjg@chromium.org>
Message-ID: <20200318174408.77473-10-sjg@chromium.org>
This tool always verifies the default configuration. It is useful to be able to verify a specific one. Add a command-line flag for this and plumb the logic through.
Signed-off-by: Simon Glass
---
Changes in v2: None
 tools/fdt_host.h | 3 ++-
 tools/fit_check_sign.c | 8 ++++++--
 tools/image-host.c | 6 ++++--
 3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/tools/fdt_host.h b/tools/fdt_host.h
index 99b009b221..15c07c7a96 100644
--- a/tools/fdt_host.h
+++ b/tools/fdt_host.h
@@ -27,6 +27,7 @@
 */
 int fdt_remove_unused_strings(const void *old, void *new);
-int fit_check_sign(const void *working_fdt, const void *key);
+int fit_check_sign(const void *fit, const void *key,
+ const char *fit_uname_config);
 #endif /* __FDT_HOST_H__ */
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 4528743792..9375d5cf72 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -41,6 +41,7 @@ int main(int argc, char **argv)
 void *fit_blob;
 char *fdtfile = NULL;
 char *keyfile = NULL;
+ char *config_name = NULL;
 char cmdname[256];
 int ret;
 void *key_blob;
@@ -48,7 +49,7 @@ int main(int argc, char **argv)
 strncpy(cmdname, *argv, sizeof(cmdname) - 1);
 cmdname[sizeof(cmdname) - 1] = '\0';
- while ((c = getopt(argc, argv, "f:k:")) != -1)
+ while ((c = getopt(argc, argv, "f:k:c:")) != -1)
 switch (c) {
 case 'f':
 fdtfile = optarg;
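Review bot: The new `fit_check_sign()` prototype in the tools/fdt_host.h hunk carries no comment, so the header does not say what `fit_uname_config` accepts. From the rest of the patch, NULL appears to select the default configuration (main passes NULL when `-c` is absent) and a return of 0 is treated as a passed check. I would add a short doc comment above the prototype stating that `fit` is the FIT blob, `key` the key blob, `fit_uname_config` the configuration unit name or NULL for the default, and that 0 means the signature check passed.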
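Review bot: The `-c` option added to the getopt string in the -48 hunk of tools/fit_check_sign.c (and handled by the `case 'c':` hunk that follows) does not appear to reach the help text. usage() is outside the hunks, and the diffstat's 8 changed lines for this file are all accounted for by the visible hunks. Someone who needs to verify a non-default configuration will not learn of the flag from the tool's own output. I would add a line to usage() such as `"-c => name of the configuration to verify (default configuration if omitted)\n"`, formatted like the existing -f/-k lines. main's body starts and ends outside this hunk.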
@@ -56,6 +57,9 @@ int main(int argc, char **argv)
 case 'k':
 keyfile = optarg;
 break;
+ case 'c':
+ config_name = optarg;
+ break;
 default:
 usage(cmdname);
 break;
@@ -78,7 +82,7 @@ int main(int argc, char **argv)
 return EXIT_FAILURE;
 image_set_host_blob(key_blob);
- ret = fit_check_sign(fit_blob, key_blob);
+ ret = fit_check_sign(fit_blob, key_blob, config_name);
 if (!ret) {
 ret = EXIT_SUCCESS;
 fprintf(stderr, "Signature check OK\n");
diff --git a/tools/image-host.c b/tools/image-host.c
index b3ec197dc9..dfea48e894 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -1025,12 +1025,13 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
 }
 #ifdef CONFIG_FIT_SIGNATURE
-int fit_check_sign(const void *fit, const void *key)
+int fit_check_sign(const void *fit, const void *key,
+ const char *fit_uname_config)
 {
 int cfg_noffset;
 int ret;
- cfg_noffset = fit_conf_get_node(fit, NULL);
+ cfg_noffset = fit_conf_get_node(fit, fit_uname_config);
 if (!cfg_noffset)
 return -1;
@@ -1039,6 +1040,7 @@ int fit_check_sign(const void *fit, const void *key)
 ret = fit_config_verify(fit, cfg_noffset);
 if (ret)
 return ret;
+ printf("Verified OK, loading images\n");
 ret = bootm_host_load_images(fit, cfg_noffset);
 return ret;
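Review bot: In the -1025 hunk of tools/image-host.c, `if (!cfg_noffset)` rejects only a zero offset, and now that the name comes from the command line a failed lookup is an ordinary case. fit_conf_get_node() is not shown here, but libfdt-style lookups normally report a missing node as a negative error code; if that holds, an unknown `-c` name passes this check and the negative offset is handed to fit_config_verify(). A signature-checking tool should fail explicitly here: `if (cfg_noffset <= 0) {`, then `fprintf(stderr, "Configuration '%s' not found\n", fit_uname_config ? fit_uname_config : "(default)");`, then `return -1; }`. The function body continues past the end of this hunk.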
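Review bot: The message added in the -1039 hunk, `Verified OK, loading images`, is printed to stdout once fit_config_verify() succeeds but before bootm_host_load_images() runs, while main reports the final `Signature check OK` on stderr. A log reader or script matching on "Verified OK" can take it as the verdict even when the loading step that follows fails and the tool exits non-zero. I would name what was verified, e.g. `printf("Configuration signature verified, loading images\n");`, and leave the overall verdict to the exit status. The body of fit_check_sign() starts before this hunk.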