spl: spl_fit.c: enable check of signature for config node in spl/tpl

Message ID 20201029175029.4274-1-philippe.reynes@softathome.com
State Awaiting Upstream
Delegated to: Tom Rini
Series spl: spl_fit.c: enable check of signature for config node in spl/tpl

Commit Message

Philippe Reynes Oct. 29, 2020, 5:50 p.m. UTC
This commit adds support for signature checking of the config node
in spl/tpl when the function spl_load_simple_fit is used.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 common/spl/spl_fit.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comments

Simon Glass Nov. 3, 2020, 3:12 p.m. UTC | #1
On Thu, 29 Oct 2020 at 11:50, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> This commit adds support for signature checking of the config node
> in spl/tpl when the function spl_load_simple_fit is used.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  common/spl/spl_fit.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)

Reviewed-by: Simon Glass <sjg@chromium.org>

We have sandbox SPL tests available now so it should be possible to
write a test of FIT loading in SPL.


>
> diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
> index fd6086a65c..7d10a4352c 100644
> --- a/common/spl/spl_fit.c
> +++ b/common/spl/spl_fit.c
> @@ -551,6 +551,16 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
>         if (spl_load_simple_fit_skip_processing())
>                 return 0;
>
> +       if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) {
> +               int conf_offset = fit_find_config_node(fit);
> +
> +               printf("## Checking hash(es) for config %s ... ",
> +                      fit_get_name(fit, conf_offset, NULL));
> +               if (fit_config_verify(fit, conf_offset))
> +                       return -EPERM;
> +               puts("OK\n");
> +       }
> +
>         /* find the node holding the images information */
>         images = fdt_path_offset(fit, FIT_IMAGES_PATH);
>         if (images < 0) {
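
Review bot: the result of fit_find_config_node(fit) is never checked for an error in the new block; conf_offset goes straight into fit_get_name() and then fit_config_verify(). The context line just below treats a negative offset from fdt_path_offset() as a failure (`if (images < 0) {`), and the same guard is missing here, so a FIT with no usable configuration node would reach the printf with whatever fit_get_name() returns for an invalid offset. Suggest adding `if (conf_offset < 0) return conf_offset;` (or -EPERM, if the caller should see a policy failure) before the printf, so the failure is explicit and does not depend on how fit_config_verify() handles a bad offset.
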
> --
> 2.17.1
>

Tom Rini Dec. 2, 2020, 9:22 p.m. UTC | #2
On Thu, Oct 29, 2020 at 06:50:29PM +0100, Philippe Reynes wrote:

> This commit adds support for signature checking of the config node
> in spl/tpl when the function spl_load_simple_fit is used.
> 
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/next, thanks!

Patch

diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index fd6086a65c..7d10a4352c 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -551,6 +551,16 @@  int spl_load_simple_fit(struct spl_image_info *spl_image,
 	if (spl_load_simple_fit_skip_processing())
 		return 0;
 
+	if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) {
+		int conf_offset = fit_find_config_node(fit);
+
+		printf("## Checking hash(es) for config %s ... ",
+		       fit_get_name(fit, conf_offset, NULL));
+		if (fit_config_verify(fit, conf_offset))
+			return -EPERM;
+		puts("OK\n");
+	}
+
 	/* find the node holding the images information */
 	images = fdt_path_offset(fit, FIT_IMAGES_PATH);
 	if (images < 0) {
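
Review bot: the verification block is placed after the `if (spl_load_simple_fit_skip_processing()) return 0;` early return, so on that path spl_load_simple_fit() reports success without the config signature ever being checked. If a board can take that path with CONFIG_SPL_FIT_SIGNATURE enabled, either move the check above the early return or add a comment explaining why skipping verification is safe there. A smaller point on the failure branch: `return -EPERM` leaves the "## Checking hash(es) for config ... " line without a newline or any failure text, and the message says hash(es) while the commit message describes a signature check. Printing a short failure string before returning and wording the message as a signature check would make a rejected image obvious in the boot log.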