From patchwork Thu Oct 29 17:50:29 2020
X-Patchwork-Submitter: Philippe REYNES
X-Patchwork-Id: 1390312
X-Patchwork-Delegate: trini@ti.com
From: Philippe Reynes
To: sjg@chromium.org
Cc: u-boot@lists.denx.de, Philippe Reynes
Subject: [PATCH] spl: spl_fit.c: enable check of signature for config node in spl/tpl
Date: Thu, 29 Oct 2020 18:50:29 +0100
Message-Id: <20201029175029.4274-1-philippe.reynes@softathome.com>

This commit adds the support of signature check for config node in spl/tpl
when the function spl_load_simple_fit is used.

Signed-off-by: Philippe Reynes
Reviewed-by: Simon Glass
---
 common/spl/spl_fit.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index fd6086a65c..7d10a4352c 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c 
@@ -551,6 +551,16 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, if (spl_load_simple_fit_skip_processing()) return 0; + if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) { + int conf_offset = fit_find_config_node(fit); + + printf("## Checking hash(es) for config %s ... ", + fit_get_name(fit, conf_offset, NULL)); + if (fit_config_verify(fit, conf_offset)) + return -EPERM; + puts("OK\n"); + } + /* find the node holding the images information */ images = fdt_path_offset(fit, FIT_IMAGES_PATH); if (images < 0) {
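
Review bot: conf_offset from fit_find_config_node(fit) is used without a check in the new CONFIG_SPL_FIT_SIGNATURE block: it goes straight into fit_get_name() for the printf and into fit_config_verify(). If no configuration node is found the offset is negative, so the %s argument may be NULL and the verify call runs on an invalid node. Suggest failing closed before the printf, for example `if (conf_offset < 0) return -EPERM;` (or propagating the error code). Minor: the message says "Checking hash(es)" although the call verifies the configuration signature, and on failure the console line is left without a newline or failure marker before `return -EPERM;`, so printing a short error there would make a rejected image visible in the boot log.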