From patchwork Thu Jun  7 10:37:27 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ben Whitten <ben.whitten@gmail.com>
X-Patchwork-Id: 926268
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="Fc7cmWSF"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 411j9n4KVcz9s1b
	for <incoming@patchwork.ozlabs.org>;
	Thu,  7 Jun 2018 20:55:09 +1000 (AEST)
Received: by lists.denx.de (Postfix, from userid 105)
	id C7974C2201F; Thu,  7 Jun 2018 10:54:57 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,
	T_DKIM_INVALID autolearn=unavailable
	autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 43C1AC21FF8;
	Thu,  7 Jun 2018 10:54:02 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id ABFA6C21EF0; Thu,  7 Jun 2018 10:37:42 +0000 (UTC)
Received: from mail-wm0-f48.google.com (mail-wm0-f48.google.com
	[74.125.82.48])
	by lists.denx.de (Postfix) with ESMTPS id 513BDC21C4A
	for <u-boot@lists.denx.de>; Thu,  7 Jun 2018 10:37:42 +0000 (UTC)
Received: by mail-wm0-f48.google.com with SMTP id n5-v6so17819224wmc.5
	for <u-boot@lists.denx.de>; Thu, 07 Jun 2018 03:37:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id;
	bh=Uale8BvfGY6UKyTVr5qCPhcacTc2DtEa8xS3JyrSCqQ=;
	b=Fc7cmWSFWo1XtUzdjvX+u351ibfyYvxNz+Lq6b2IVHfwVIpE7ScLVtISehfyX60Evx
	yrb5b49zxliwUxVvgRtRHry+/+f9to2fichsSxBaAElKw9Kd2enz4XDmmypaJ30uP30d
	af/upNlJo6JWQbzWMft95kvw0cs25ZEdrdLCcwlEP8Py3y2bDGzYJTCW/6rZlw7yecXc
	EfJOtj6n5oVMEXPmeZZgd5m7ieqANjMFbZpRSa0snAoM8T1lgJmdml9RKHgye+UJLgwI
	Et4LO7lnc0TLVvUZM6XsShGZVtE5rSrl4dzkHkYkNmSsJogCM+zdLQWywUaIVtSaVOeK
	cQAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id;
	bh=Uale8BvfGY6UKyTVr5qCPhcacTc2DtEa8xS3JyrSCqQ=;
	b=QCo3NdFK6Ha4nG3KBVibXosdPnKWG/v4cBG6rqeNBLyzzium50I9xSl6s7Ygiu/cqa
	BZSslOCGUesXIqHWMmbA+m+yUNgA7MEXG/NlKhwmKTKhAnUdCDXwqF59t67rb1swVU5s
	NKUxWicVXwxm5Z8MP1eOtH2unpSwTQ65UtJQRENad63IiOrdmqSdhEp+sT64spRNiFx4
	/57j7A9APPKugFtVZLaCLprTnZmdI3kuCH9otgCaSSoD/weyMnUdJU5cdbad4AAlyDq1
	hi1DxK6fEANAiD8HbSLu4sfSjJaQQu2MkcXNVUaahWfwBEtDFcaBNLy896KyzjYKQRE4
	i1VQ==
X-Gm-Message-State: APt69E1Yzui4FV29Id4NKVsqd96Pi3Xs8dsWnwEP80JAXtTWSAwOEsqV
	YJvEAz6qvaAjtOEcQLuCrlhYbic43pE=
X-Google-Smtp-Source: 
 ADUXVKIeZuSDRVr9DmWiZ2t1MX83YsotcxJcQsooXmoH2QCAZfVP3UxFFLTyACWvh3GJ6jI3EJ+OTQ==
X-Received: by 2002:a1c:ed07:: with SMTP id
	l7-v6mr1293726wmh.139.1528367861520;
	Thu, 07 Jun 2018 03:37:41 -0700 (PDT)
Received: from Sarah.corp.lairdtech.com ([109.174.151.67])
	by smtp.gmail.com with ESMTPSA id
	m58-v6sm57048247wrf.61.2018.06.07.03.37.39
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Thu, 07 Jun 2018 03:37:40 -0700 (PDT)
From: Ben Whitten <ben.whitten@gmail.com>
X-Google-Original-From: Ben Whitten <ben.whitten@lairdtech.com>
To: u-boot@lists.denx.de
Date: Thu,  7 Jun 2018 11:37:27 +0100
Message-Id: <1528367847-4876-1-git-send-email-ben.whitten@lairdtech.com>
X-Mailer: git-send-email 2.7.4
X-Mailman-Approved-At: Thu, 07 Jun 2018 10:54:00 +0000
Cc: marex@denx.de, trini@konsulko.com,
	Ben Whitten <ben.whitten@lairdtech.com>
Subject: [U-Boot] [PATCH 1/1] spl: fit: verify images prior to post
	processing
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Verification of hashes needs to take place before any image post
processing, thus matching full FIT image processing.
This allows mechanisms such as encryption be applied to images
prior to fit generation at the spl level.

Signed-off-by: Ben Whitten <ben.whitten@lairdtech.com>
---
 common/spl/spl_fit.c | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index 05d6af9..02f7fa2 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -182,9 +182,6 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector,
 	uint8_t image_comp = -1, type = -1;
 	const void *data;
 	bool external_data = false;
-#ifdef CONFIG_SPL_FIT_SIGNATURE
-	int ret;
-#endif
 
 	if (IS_ENABLED(CONFIG_SPL_OS_BOOT) && IS_ENABLED(CONFIG_SPL_GZIP)) {
 		if (fit_image_get_comp(fit, node, &image_comp))
@@ -245,6 +242,15 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector,
 		src = (void *)data;
 	}
 
+#ifdef CONFIG_SPL_FIT_SIGNATURE
+	printf("## Checking hash(es) for Image %s ... ",
+	       fit_get_name(fit, node, NULL));
+	if (!fit_image_verify_with_data(fit, node,
+					 src, length))
+		return -EPERM;
+	puts("OK\n");
+#endif
+
 #ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS
 	board_fit_image_post_process(&src, &length);
 #endif
@@ -270,16 +276,7 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector,
 		image_info->entry_point = fdt_getprop_u32(fit, node, "entry");
 	}
 
-#ifdef CONFIG_SPL_FIT_SIGNATURE
-	printf("## Checking hash(es) for Image %s ...\n",
-	       fit_get_name(fit, node, NULL));
-	ret = fit_image_verify_with_data(fit, node,
-					 (const void *)load_addr, length);
-	printf("\n");
-	return !ret;
-#else
 	return 0;
-#endif
 }
 
 static int spl_fit_append_fdt(struct spl_image_info *spl_image,