[U-Boot] [PATCH 1/2] FIT: add ability to check hashes of all images in FIT, improve output
Bartlomiej Sieka
tur at semihalf.com
Tue Sep 9 12:58:15 CEST 2008
- add function fit_all_image_check_hashes() that verifies if all hashes of all
images in the FIT are valid
- improve output of fit_image_check_hashes() when the hash check fails
Signed-off-by: Bartlomiej Sieka <tur at semihalf.com>
---
common/image.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++----
include/image.h | 1 +
2 files changed, 57 insertions(+), 5 deletions(-)
diff --git a/common/image.c b/common/image.c
index 94f01ad..7f55695 100644
--- a/common/image.c
+++ b/common/image.c
@@ -2645,27 +2645,29 @@ int fit_image_check_hashes (const void *fit, int image_noffset)
continue;
if (fit_image_hash_get_algo (fit, noffset, &algo)) {
- err_msg = "Can't get hash algo property";
+ err_msg = " error!\nCan't get hash algo "
+ "property";
goto error;
}
printf ("%s", algo);
if (fit_image_hash_get_value (fit, noffset, &fit_value,
&fit_value_len)) {
- err_msg = "Can't get hash value property";
+ err_msg = " error!\nCan't get hash value "
+ "property";
goto error;
}
if (calculate_hash (data, size, algo, value, &value_len)) {
- err_msg = "Unsupported hash algorithm";
+ err_msg = " error!\nUnsupported hash algorithm";
goto error;
}
if (value_len != fit_value_len) {
- err_msg = "Bad hash value len";
+ err_msg = " error !\nBad hash value len";
goto error;
} else if (memcmp (value, fit_value, value_len) != 0) {
- err_msg = "Bad hash value";
+ err_msg = " error!\nBad hash value";
goto error;
}
printf ("+ ");
@@ -2682,6 +2684,55 @@ error:
}
/**
+ * fit_all_image_check_hashes - verify data intergity for all images
+ * @fit: pointer to the FIT format image header
+ *
+ * fit_all_image_check_hashes() goes over all images in the FIT and
+ * for every images checks if all it's hashes are valid.
+ *
+ * returns:
+ * 1, if all hashes of all images are valid
+ * 0, otherwise (or on error)
+ */
+int fit_all_image_check_hashes (const void *fit)
+{
+ int images_noffset;
+ int noffset;
+ int ndepth;
+ int count;
+
+ /* Find images parent node offset */
+ images_noffset = fdt_path_offset (fit, FIT_IMAGES_PATH);
+ if (images_noffset < 0) {
+ printf ("Can't find images parent node '%s' (%s)\n",
+ FIT_IMAGES_PATH, fdt_strerror (images_noffset));
+ return 0;
+ }
+
+ /* Process all image subnodes, check hashes for each */
+ printf ("## Checking hash(es) for FIT Image at %08lx ...\n",
+ (ulong)fit);
+ for (ndepth = 0, count = 0,
+ noffset = fdt_next_node (fit, images_noffset, &ndepth);
+ (noffset >= 0) && (ndepth > 0);
+ noffset = fdt_next_node (fit, noffset, &ndepth)) {
+ if (ndepth == 1) {
+ /*
+ * Direct child node of the images parent node,
+ * i.e. component image node.
+ */
+ printf (" Hash(es) for Image %u (%s): ", count++,
+ fit_get_name (fit, noffset, NULL));
+
+ if (!fit_image_check_hashes (fit, noffset))
+ return 0;
+ printf ("\n");
+ }
+ }
+ return 1;
+}
+
+/**
* fit_image_check_os - check whether image node is of a given os type
* @fit: pointer to the FIT format image header
* @noffset: component image node offset
diff --git a/include/image.h b/include/image.h
index 9be806e..e4de513 100644
--- a/include/image.h
+++ b/include/image.h
@@ -573,6 +573,7 @@ int fit_image_hash_set_value (void *fit, int noffset, uint8_t *value,
int value_len);
int fit_image_check_hashes (const void *fit, int noffset);
+int fit_all_image_check_hashes (const void *fit);
int fit_image_check_os (const void *fit, int noffset, uint8_t os);
int fit_image_check_arch (const void *fit, int noffset, uint8_t arch);
int fit_image_check_type (const void *fit, int noffset, uint8_t type);
--
1.5.3.4
More information about the U-Boot
mailing list