| Message ID | 20201029175029.4274-1-philippe.reynes@softathome.com |
|---|---|
| State | Accepted |
| Commit | 7d5b1bf6b84489cbbafd6dc679fdac2eda876c74 |
| Delegated to: | Tom Rini |
| Headers | show |
| Series | spl: spl_fit.c: enable check of signature for config node in spl/tpl | expand |
On Thu, 29 Oct 2020 at 11:50, Philippe Reynes <philippe.reynes@softathome.com> wrote: > > This commit add the support of signature check for config node > in spl/tpl when the function spl_load_simple_fit is used. > > Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> > --- > common/spl/spl_fit.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) Reviewed-by: Simon Glass <sjg@chromium.org> We have sandbox SPL tests available now so it should be possible to write a test of FIT loading in SPL. > > diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c > index fd6086a65c..7d10a4352c 100644 > --- a/common/spl/spl_fit.c > +++ b/common/spl/spl_fit.c > @@ -551,6 +551,16 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, > if (spl_load_simple_fit_skip_processing()) > return 0; > > + if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) { > + int conf_offset = fit_find_config_node(fit); > + > + printf("## Checking hash(es) for config %s ... ", > + fit_get_name(fit, conf_offset, NULL)); > + if (fit_config_verify(fit, conf_offset)) > + return -EPERM; > + puts("OK\n"); > + } > + > /* find the node holding the images information */ > images = fdt_path_offset(fit, FIT_IMAGES_PATH); > if (images < 0) { > -- > 2.17.1 >
On Thu, Oct 29, 2020 at 06:50:29PM +0100, Philippe Reynes wrote: > This commit add the support of signature check for config node > in spl/tpl when the function spl_load_simple_fit is used. > > Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> > Reviewed-by: Simon Glass <sjg@chromium.org> Applied to u-boot/next, thanks!
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index fd6086a65c..7d10a4352c 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -551,6 +551,16 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, if (spl_load_simple_fit_skip_processing()) return 0; + if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) { + int conf_offset = fit_find_config_node(fit); + + printf("## Checking hash(es) for config %s ... ", + fit_get_name(fit, conf_offset, NULL)); + if (fit_config_verify(fit, conf_offset)) + return -EPERM; + puts("OK\n"); + } + /* find the node holding the images information */ images = fdt_path_offset(fit, FIT_IMAGES_PATH); if (images < 0) {
This commit add the support of signature check for config node in spl/tpl when the function spl_load_simple_fit is used. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> --- common/spl/spl_fit.c | 10 ++++++++++ 1 file changed, 10 insertions(+)