From patchwork Fri Oct 27 06:04:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahiro Yamada X-Patchwork-Id: 117285 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp389394qgn; Thu, 26 Oct 2017 23:06:34 -0700 (PDT) X-Google-Smtp-Source: ABhQp+S3rxMi0xiulF+9bJY9jeMsMJ1scD+yqRYenmlNtJZeiS29D/FhgmcWPiWQ0SlAHyH6jRE7 X-Received: by 10.80.157.199 with SMTP id l7mr31099578edk.170.1509084394232; Thu, 26 Oct 2017 23:06:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509084394; cv=none; d=google.com; s=arc-20160816; b=ZktBCW9qFAjNTQD07G0tUD3k5PeKJRU0OU6zZvjolGLsUi8E+iloBka4PM3EpJq/KB 2qWChNtXpoADDtLqIAXLHhntVoWztRjESG90/COWUftnqRiL2UhzTeZFRXkioZXLylew n8/OMQHcWjdUizQ8WTXxXHEws0HeoKz/aC1mxAm5kP8NfMyMIV4Al4eBtPsj5WcFC/Ap odTJ2xMCm6VnrCouE29K10EL4z7cQNCLH6tEcg4do347A9itdC/nESEiWFUWg6zFJUUM L9rY92XmFgn/TG06ccKUb6jc9pVkxPEI1E9zNmjXVfIGwYwSduXGFPOwnIaqzLOb4PC+ xlKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:message-id:date:to:from :dkim-signature:dkim-filter:arc-authentication-results; bh=lj5nA+fJ9jx0U9RGB7wjPZaJJdmFzRMyGJGHVcuK8z4=; b=ea3nbVwu6pgTK3mqELPzRBpQ+06S9XgWP5gXnzBwVCrZdT6s8Nns5SKvyOLcNkb8Y2 4EPzmRwB7hxuCPUgYLYDJ6srGudKJWLjERNX2TC7xaqxAGLmQQGhXjQL32/qRz3LoWXb BN7C4krT7GiMZ8T5WLrGb0rCapos787d7ZdSLB1v/r51HYJyEGKfdYrq+hoXDRyRVwtK OjeWS/QF1Km6y5S76h3whsKku40oZLS6K8s8Qur5dk1NcNTUnutTUtLzD81ZAlykJBNv X1v8DicAn6oSuH1v7GmJK5hea+UiYB59Z4TEQS+TxRI42srJ7pDETVEbXwauh4llCjbC dhhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@nifty.com header.s=dec2015msa header.b=irJp246Z; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id l9si4140300edf.545.2017.10.26.23.06.33; Thu, 26 Oct 2017 23:06:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@nifty.com header.s=dec2015msa header.b=irJp246Z; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by lists.denx.de (Postfix, from userid 105) id B412EC21D63; Fri, 27 Oct 2017 06:06:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id AD45CC21CEC; Fri, 27 Oct 2017 06:05:25 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 51FB8C21C29; Fri, 27 Oct 2017 06:05:23 +0000 (UTC) Received: from conuserg-07.nifty.com (conuserg-07.nifty.com [210.131.2.74]) by lists.denx.de (Postfix) with ESMTPS id CAC96C21C34 for ; Fri, 27 Oct 2017 06:05:21 +0000 (UTC) Received: from pug.e01.socionext.com (p14092-ipngnfx01kyoto.kyoto.ocn.ne.jp [153.142.97.92]) (authenticated) by conuserg-07.nifty.com with ESMTP id v9R64Ogu013972; Fri, 27 Oct 2017 15:04:24 +0900 DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-07.nifty.com v9R64Ogu013972 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com; s=dec2015msa; t=1509084264; bh=8ApH3odgDBE25fj2NnwdpMTfZ8of8LkRx3jVFZOhPU0=; h=From:To:Cc:Subject:Date:From; b=irJp246ZsbLO52bxmzXcr0AMRTbHlKbhdAvnE8qdgoqwh1Z9mZPvqlKQ/bX3ap0iw 0YjjtbuXsWGg2vKj/4kebEwF3pNfL6UwVuaKivAOIeriYYpSUlQltGVpY3o3Z3uuF9 rxvt2IrUMKkJwXpa9cHbx+YliTz9/Su6XNsZRi1eolCqx6czOPqy2grm/407oa/Rjc Qq8ReIbC78dp6IAV2MpCPkX2zeeWuITVgEUo1HU+RSpmYASxO4e902IrCOdmWzUF3l 2xVC/PIO+jHxdQxqkmO7UIKrq9qvXgRNU/L0iXByxFJ6Ri06wFKBRR4PbfvdCJntP6 /sXKhpjAHJwKg== X-Nifty-SrcIP: [153.142.97.92] From: Masahiro Yamada To: u-boot@lists.denx.de Date: Fri, 27 Oct 2017 15:04:20 +0900 Message-Id: <1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com> X-Mailer: git-send-email 2.7.4 Cc: Tom Rini Subject: [U-Boot] [PATCH 1/2] tools: image: allow to sign image nodes without -K option X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" If -K option is missing when you sign image nodes, it fails with an unclear error message: tools/mkimage Can't add hashes to FIT blob: -1 It is hard to figure out the cause of the failure. In contrast, when you sign configuration nodes, -K is optional because fit_config_process_sig() returns successfully if keydest is unset. Probably this is a preferred behavior when you want to update FIT with the same key; you do not have to update the public key in this case. So, this commit changes fit_image_process_sig() to continue signing without keydest. If ->add_verify_data() fails, show a clearer error message, which has been borrowed from fit_config_process_sig(). Signed-off-by: Masahiro Yamada --- tools/image-host.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tools/image-host.c b/tools/image-host.c index ad9a73a..d42c1ca 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -242,18 +242,19 @@ static int fit_image_process_sig(const char *keydir, void *keydest, /* Get keyname again, as FDT has changed and invalidated our pointer */ info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); - if (keydest) - ret = info.crypto->add_verify_data(&info, keydest); - else - return -1; - /* * Write the public key into the supplied FDT file; this might fail * several times, since we try signing with successively increasing * size values */ - if (keydest && ret) - return ret; + if (keydest) { + ret = info.crypto->add_verify_data(&info, keydest); + if (ret) { + printf("Failed to add verification data for '%s' signature node in '%s' image node\n", + node_name, image_name); + return ret; + } + } return 0; } From patchwork Fri Oct 27 06:04:21 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahiro Yamada X-Patchwork-Id: 117284 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp388461qgn; Thu, 26 Oct 2017 23:05:29 -0700 (PDT) X-Google-Smtp-Source: ABhQp+RN3wT973yr2y47I+jy/ynL5cSKx0X1M5d1dQagH2lehcfJxftQUZzJjJbueiGTx8vAo6gW X-Received: by 10.80.136.4 with SMTP id b4mr12882452edb.155.1509084329376; Thu, 26 Oct 2017 23:05:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509084329; cv=none; d=google.com; s=arc-20160816; b=bOq/fw/+4QPtYKqbSBs5o0zQNVFygLLQ616S+RYBHwp3yPuqcmhkHBjqRaZg7f7VQx vO2sClNiB6AUaUHu0bzL96fBGDkcC1O3k+pT5FnJ8vBq8FV9M4A3jLha69aaCiKsP2YU zGt8CqrzQslSXhqDoahPZlIETBk9ANasHR4JhFBxAeo7gQkvvb3wKuP6tjn4NLj+8Lia 8KYMS9lmkGJvbPQHte3d8d+viFfbztOpBfpiv3Yc9XI0JPkaYDj4AriUQ6sa043iVo4s CGaBno32WuKID8T2h1lo7I/J2I27KhsG7TyMZ+AYpy9P4wXbgorgCscX81xlrhFzeYDB AMdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:references:in-reply-to:message-id :date:to:from:dkim-signature:dkim-filter:arc-authentication-results; bh=Lna9kXH/ok0AEshhmX4Qj0PkasaH0q4eBi+gaVsQY20=; b=KaEXmnWvyY6znZ2x1bodQRLyotQRE9WT2eCYeWTd6Scvx3fY+2xzd1AfHXrYi1Mzra yw0g0wpN8sTycabBQICgiqziI2AlqxYeHGx1Uhg0DU8WoHZxAfAhvlCeq/vZfE4QrjgJ nakFQ1jGLbXFxhlvfbiFT3593glXEEk+w0hC2fAL4pz5hPCI+LZc0QAbXQIUUfHs9xX9 baoKPH7WKXeVwUWr+MAcOlGWkzwKOAzlDOxS+XqoB06+kpHJi7tLVvvDc/A6I3kTcPkJ O5zE7tF+WQf3cJeBPZouV3J0kEk78kTDEx8PDiEk/gC18fyfBZGh5sdbwKgVHWn292VE u2Ug== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@nifty.com header.s=dec2015msa header.b=ojATF2tQ; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id a32si1842419edf.314.2017.10.26.23.05.29; Thu, 26 Oct 2017 23:05:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@nifty.com header.s=dec2015msa header.b=ojATF2tQ; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by lists.denx.de (Postfix, from userid 105) id C6782C21DA9; Fri, 27 Oct 2017 06:05:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 086D4C21C34; Fri, 27 Oct 2017 06:05:25 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 47C25C21C46; Fri, 27 Oct 2017 06:05:23 +0000 (UTC) Received: from conuserg-07.nifty.com (conuserg-07.nifty.com [210.131.2.74]) by lists.denx.de (Postfix) with ESMTPS id AA394C21C29 for ; Fri, 27 Oct 2017 06:05:21 +0000 (UTC) Received: from pug.e01.socionext.com (p14092-ipngnfx01kyoto.kyoto.ocn.ne.jp [153.142.97.92]) (authenticated) by conuserg-07.nifty.com with ESMTP id v9R64Ogv013972; Fri, 27 Oct 2017 15:04:25 +0900 DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-07.nifty.com v9R64Ogv013972 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com; s=dec2015msa; t=1509084265; bh=5crAyMSgKwDv8tk6vOxqBuvlhKts9hN25c8A32Agnm0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ojATF2tQeqHBSW4XttpO230mR8/yvEpQcj1LKFBZX5Wc/hIueVKDW3w2SVozVrsxf AtdUU0ImdEnAWNvFNY5KoDRKQYI9ecz13QJgLgWyPofWJa9ewhGC99qZTx3FkM7bRW lucnp3e5CeWyULMKeSQSfFfgrveYEJ4oXCwpsxFKdtRZPJGWe/EoKY5fJ5HEjv0dqO F/luUarpiYgMFEYFpk1t/HddzVbqvT/NtmpVdN0/Nn6Ld44YIR3aK714lQy374PtbN H6PWUjW9tGC6rTRv3j5lqF4CFImzZxvj1FCIExfp9hsJ5y++dmY0KJPlhOFzD85YG7 BaJyatgT/jQ0w== X-Nifty-SrcIP: [153.142.97.92] From: Masahiro Yamada To: u-boot@lists.denx.de Date: Fri, 27 Oct 2017 15:04:21 +0900 Message-Id: <1509084261-16126-2-git-send-email-yamada.masahiro@socionext.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com> References: <1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com> Cc: Tom Rini Subject: [U-Boot] [PATCH 2/2] tools: image: fix message when fail to add verification data for config X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This function is called when signing configuration nodes. Adjust the error message. I do not know why we do not need to show the error message in case of ENOSPC. Remove the if-conditional that seems unnecessary. Signed-off-by: Masahiro Yamada --- tools/image-host.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tools/image-host.c b/tools/image-host.c index d42c1ca..2c0030b 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -626,10 +626,8 @@ static int fit_config_process_sig(const char *keydir, void *keydest, /* Write the public key into the supplied FDT file */ if (keydest) { ret = info.crypto->add_verify_data(&info, keydest); - if (ret == -ENOSPC) - return -ENOSPC; if (ret) { - printf("Failed to add verification data for '%s' signature node in '%s' image node\n", + printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n", node_name, conf_name); } return ret;