From patchwork Tue Dec 3 21:06:18 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dario Binacchi X-Patchwork-Id: 1203841 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=libero.it Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=libero.it header.i=@libero.it header.b="J7j6NKKg"; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47SFYD2QNDz9sRH for ; Wed, 4 Dec 2019 08:31:40 +1100 (AEDT) Received: by phobos.denx.de (Postfix, from userid 109) id 048AD81707; Tue, 3 Dec 2019 22:31:36 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, FREEMAIL_FROM, MAILING_LIST_MULTI, SPF_HELO_PASS, SPF_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.2 Received: from phobos.denx.de (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E19748171D; Tue, 3 Dec 2019 22:16:15 +0100 (CET) Authentication-Results: mail.denx.de; dmarc=fail (p=quarantine dis=none) header.from=libero.it Authentication-Results: mail.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: mail.denx.de; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=libero.it header.i=@libero.it header.b="J7j6NKKg"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 700A1816D6; Tue, 3 Dec 2019 22:06:34 +0100 (CET) Received: from libero.it (smtp-35.italiaonline.it [213.209.10.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id CD89681644 for ; Tue, 3 Dec 2019 22:06:31 +0100 (CET) Authentication-Results: mail.denx.de; dmarc=pass (p=quarantine dis=none) header.from=libero.it Authentication-Results: mail.denx.de; spf=pass smtp.mailfrom=dariobin@libero.it Received: from localhost.localdomain ([80.116.32.220]) by smtp-35.iol.local with ESMTPA id cFNIiKF4z4KqMcFNOi7Ujp; Tue, 03 Dec 2019 22:06:31 +0100 x-libjamoibt: 1601 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=libero.it; s=s2014; t=1575407191; bh=LefhLgXNigeKiaNm3LNOcTUhwN4DUOV+VMGhirk7gZw=; h=From:To:Cc:Subject:Date; b=J7j6NKKgM7VJuWoXVzOE/PxcyGz1fJMXOHiww+QfTdUMiePeRo+SjcbN2/IADua2J 2vnIEhDho7vBlexVgH2+96D7lqVpKhIqWjZyPRKzXH1v1mN1SqgUrwxsULI4P4Fruh 3Bq07oLRlm37yspMxFzJaQ+uDLRRQCQuqXLlB8S7P0fXPkMHTxTQK2Eh8dpZbHG729 OYR78LYJ9thvs7LRrZCoueKYhTtsCGuODMgXAzQUWeL9gZbHMOz19rDon6dY8bGj3d d8r4DJLZxC5cP03GdhqM4DVZG2h6qsKp97IkI2rV0B+5okHtmAJJOU4Hi2yH//cnT6 bjMEId9XM2v9Q== X-CNFS-Analysis: v=2.3 cv=UdUvt5aN c=1 sm=1 tr=0 a=gDoL7ROJeSFQT6fuE5q7ug==:117 a=gDoL7ROJeSFQT6fuE5q7ug==:17 a=3s7N_etCVCmEtE15g9gA:9 a=IlBf2AtHY3gEcEZ7:21 a=vvg-BYk_6-4AStHS:21 From: Dario Binacchi To: u-boot@lists.denx.de Subject: [PATCH] spl: fit: enable hash control even without signature Date: Tue, 3 Dec 2019 22:06:18 +0100 Message-Id: <20191203210618.28614-1-dariobin@libero.it> X-Mailer: git-send-email 2.24.0 MIME-Version: 1.0 X-CMAE-Envelope: MS4wfKoVCBVq51FBq8MCFxqYM0DzZNqNafsmd0vRYMSUv2XeqdQfH+ufyxDxoHBvjn4ixR9683t+9V8ch9C5/aPav4ozmVeCWvqYBeh4OR7AB4tDR4f4zXw1 qufFRX99nLkbwXRUAqWJlQITxZCiVYSNikt+OaExcYq64y8jnx3SZ06CdRwhlu8kP94zCPOIXAu+xsCfReaj3hnbW2dfQFU8tqKGKf7XNVJSGQCqjmTPJMVA LdQyGmZZE/znKkIDRNJMsFfDVS1D2/3pQEErmXKg/5tQ8udKDDC06LltSRvBoH4zKs+HiUNNEY5oEB47TVNtkEn6FBpO8Rn81IxQC3hOi/sTk2kvtRPCYk7p dAPkI7PGMlHDkqed565YNfbSh1PduCPAQnoQkNpmnp0drKAu8nFHXk15SZiZevErn++EZCa4uL5gI2HLNOtOOReTCCUzfw== X-Mailman-Approved-At: Tue, 03 Dec 2019 22:15:03 +0100 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.26 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Dario Binacchi Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.101.4 at mail.denx.de X-Virus-Status: Clean The function "fit_image_verify_with_data" that performs the integrity protection of FIT images is already able to correctly manage the device tree nodes that require signature and/or hash control. Tests with device tree with or without hash nodes but certainly not signed have given positive results. Furthermore, the hash calculation is performed only if the hash property has been detected, without adding unnecessary calculations. It is therefore useless and limiting to enable hash control only in the case of a signed image. Signed-off-by: Dario Binacchi --- common/spl/spl_fit.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index cbc00a4e7c..58ba40cb2f 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -242,14 +242,12 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector, src = (void *)data; } -#ifdef CONFIG_SPL_FIT_SIGNATURE printf("## Checking hash(es) for Image %s ... ", fit_get_name(fit, node, NULL)); if (!fit_image_verify_with_data(fit, node, src, length)) return -EPERM; puts("OK\n"); -#endif #ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS board_fit_image_post_process(&src, &length);