{"id":831105,"url":"http://patchwork.ozlabs.org/api/1.2/patches/831105/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/patch/1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com/","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/1.2/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com>","list_archive_url":null,"date":"2017-10-27T06:04:20","name":"[U-Boot,1/2] tools: image: allow to sign image nodes without -K option","commit_ref":"6793d017a7679477402f5d30229651dba0db5ed2","pull_url":null,"state":"accepted","archived":false,"hash":"7ef03dffe266a4f195d891c36946e2f606a2ddf8","submitter":{"id":65882,"url":"http://patchwork.ozlabs.org/api/1.2/people/65882/?format=json","name":"Masahiro Yamada","email":"yamada.masahiro@socionext.com"},"delegate":{"id":3651,"url":"http://patchwork.ozlabs.org/api/1.2/users/3651/?format=json","username":"trini","first_name":"Tom","last_name":"Rini","email":"trini@ti.com"},"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com/mbox/","series":[{"id":10510,"url":"http://patchwork.ozlabs.org/api/1.2/series/10510/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/list/?series=10510","date":"2017-10-27T06:04:21","name":"[U-Boot,1/2] tools: image: allow to sign image nodes without -K option","version":1,"mbox":"http://patchwork.ozlabs.org/series/10510/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/831105/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/831105/checks/","tags":{},"related":[],"headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.denx.de\n\t(client-ip=81.169.180.215; helo=lists.denx.de;\n\tenvelope-from=u-boot-bounces@lists.denx.de;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=nifty.com header.i=@nifty.com\n\theader.b=\"irJp246Z\"; dkim-atps=neutral"],"Received":["from lists.denx.de (dione.denx.de [81.169.180.215])\n\tby ozlabs.org (Postfix) with ESMTP id 3yNYKl4HT3z9t2d\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri, 27 Oct 2017 17:06:35 +1100 (AEDT)","by lists.denx.de (Postfix, from userid 105)\n\tid 56067C21C34; Fri, 27 Oct 2017 06:06:25 +0000 (UTC)","from lists.denx.de (localhost [IPv6:::1])\n\tby lists.denx.de (Postfix) with ESMTP id AD45CC21CEC;\n\tFri, 27 Oct 2017 06:05:25 +0000 (UTC)","by lists.denx.de (Postfix, from userid 105)\n\tid 51FB8C21C29; Fri, 27 Oct 2017 06:05:23 +0000 (UTC)","from conuserg-07.nifty.com (conuserg-07.nifty.com [210.131.2.74])\n\tby lists.denx.de (Postfix) with ESMTPS id CAC96C21C34\n\tfor <u-boot@lists.denx.de>; Fri, 27 Oct 2017 06:05:21 +0000 (UTC)","from pug.e01.socionext.com (p14092-ipngnfx01kyoto.kyoto.ocn.ne.jp\n\t[153.142.97.92]) (authenticated)\n\tby conuserg-07.nifty.com with ESMTP id v9R64Ogu013972;\n\tFri, 27 Oct 2017 15:04:24 +0900"],"X-Spam-Checker-Version":"SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=0.0 required=5.0 tests=T_DKIM_INVALID\n\tautolearn=unavailable autolearn_force=no version=3.4.0","DKIM-Filter":"OpenDKIM Filter v2.10.3 conuserg-07.nifty.com v9R64Ogu013972","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com;\n\ts=dec2015msa; t=1509084264;\n\tbh=8ApH3odgDBE25fj2NnwdpMTfZ8of8LkRx3jVFZOhPU0=;\n\th=From:To:Cc:Subject:Date:From;\n\tb=irJp246ZsbLO52bxmzXcr0AMRTbHlKbhdAvnE8qdgoqwh1Z9mZPvqlKQ/bX3ap0iw\n\t0YjjtbuXsWGg2vKj/4kebEwF3pNfL6UwVuaKivAOIeriYYpSUlQltGVpY3o3Z3uuF9\n\trxvt2IrUMKkJwXpa9cHbx+YliTz9/Su6XNsZRi1eolCqx6czOPqy2grm/407oa/Rjc\n\tQq8ReIbC78dp6IAV2MpCPkX2zeeWuITVgEUo1HU+RSpmYASxO4e902IrCOdmWzUF3l\n\t2xVC/PIO+jHxdQxqkmO7UIKrq9qvXgRNU/L0iXByxFJ6Ri06wFKBRR4PbfvdCJntP6\n\t/sXKhpjAHJwKg==","X-Nifty-SrcIP":"[153.142.97.92]","From":"Masahiro Yamada <yamada.masahiro@socionext.com>","To":"u-boot@lists.denx.de","Date":"Fri, 27 Oct 2017 15:04:20 +0900","Message-Id":"<1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com>","X-Mailer":"git-send-email 2.7.4","Cc":"Tom Rini <trini@konsulko.com>","Subject":"[U-Boot] [PATCH 1/2] tools: image: allow to sign image nodes\n\twithout -K option","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.18","Precedence":"list","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Unsubscribe":"<https://lists.denx.de/options/u-boot>,\n\t<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>","List-Archive":"<http://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>","List-Help":"<mailto:u-boot-request@lists.denx.de?subject=help>","List-Subscribe":"<https://lists.denx.de/listinfo/u-boot>,\n\t<mailto:u-boot-request@lists.denx.de?subject=subscribe>","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" <u-boot-bounces@lists.denx.de>"},"content":"If -K option is missing when you sign image nodes, it fails with\nan unclear error message:\n\n  tools/mkimage Can't add hashes to FIT blob: -1\n\nIt is hard to figure out the cause of the failure.\n\nIn contrast, when you sign configuration nodes, -K is optional because\nfit_config_process_sig() returns successfully if keydest is unset.\nProbably this is a preferred behavior when you want to update FIT with\nthe same key; you do not have to update the public key in this case.\n\nSo, this commit changes fit_image_process_sig() to continue signing\nwithout keydest.  If ->add_verify_data() fails, show a clearer error\nmessage, which has been borrowed from fit_config_process_sig().\n\nSigned-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>\n---\n\n tools/image-host.c | 15 ++++++++-------\n 1 file changed, 8 insertions(+), 7 deletions(-)","diff":"diff --git a/tools/image-host.c b/tools/image-host.c\nindex ad9a73a..d42c1ca 100644\n--- a/tools/image-host.c\n+++ b/tools/image-host.c\n@@ -242,18 +242,19 @@ static int fit_image_process_sig(const char *keydir, void *keydest,\n \t/* Get keyname again, as FDT has changed and invalidated our pointer */\n \tinfo.keyname = fdt_getprop(fit, noffset, \"key-name-hint\", NULL);\n \n-\tif (keydest)\n-\t\tret = info.crypto->add_verify_data(&info, keydest);\n-\telse\n-\t\treturn -1;\n-\n \t/*\n \t * Write the public key into the supplied FDT file; this might fail\n \t * several times, since we try signing with successively increasing\n \t * size values\n \t */\n-\tif (keydest && ret)\n-\t\treturn ret;\n+\tif (keydest) {\n+\t\tret = info.crypto->add_verify_data(&info, keydest);\n+\t\tif (ret) {\n+\t\t\tprintf(\"Failed to add verification data for '%s' signature node in '%s' image node\\n\",\n+\t\t\t       node_name, image_name);\n+\t\t\treturn ret;\n+\t\t}\n+\t}\n \n \treturn 0;\n }\n","prefixes":["U-Boot","1/2"]}