[U-Boot] [PATCH 2/7] fdt: add "fdt sign" command
Heiko Schocher
hs at denx.de
Mon Jan 27 07:37:07 CET 2014
Hello Simon,
Am 26.01.2014 22:04, schrieb Simon Glass:
> Hi Heiko,
>
> On 24 January 2014 23:44, Heiko Schocher<hs at denx.de> wrote:
>> check if a fdt is correct signed
>> pass an optional addr value. Contains the addr of the key blob
>>
>> Signed-off-by: Heiko Schocher<hs at denx.de>
>> Cc: Simon Glass<sjg at chromium.org>
>> ---
>> common/cmd_fdt.c | 38 +++++++++++++++++++++++++++++++++++++-
>> 1 file changed, 37 insertions(+), 1 deletion(-)
>>
>> diff --git a/common/cmd_fdt.c b/common/cmd_fdt.c
>> index 3a9edd6..b8468ea 100644
>> --- a/common/cmd_fdt.c
>> +++ b/common/cmd_fdt.c
>> @@ -243,7 +243,7 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>> /*
>> * Set the value of a property in the working_fdt.
>> */
>> - } else if (argv[1][0] == 's') {
>> + } else if (strncmp(argv[1], "se", 2) == 0) {
>> char *pathp; /* path */
>> char *prop; /* property */
>> int nodeoffset; /* node offset from libfdt */
>> @@ -283,6 +283,37 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>> return 1;
>> }
>>
>> +#if defined(CONFIG_FIT_SIGNATURE)
>> + } else if (strncmp(argv[1], "si", 2) == 0) {
>> + int cfg_noffset;
>> + int ret;
>> + unsigned long addr;
>> + struct fdt_header *blob;
>> +
>> + if (!working_fdt)
>> + return CMD_RET_FAILURE;
>> +
>> + if (argc> 2) {
>> + addr = simple_strtoul(argv[2], NULL, 16);
>> + blob = map_sysmem(addr, 0);
>> + } else {
>> + blob = (struct fdt_header *)gd->fdt_blob;
>> + }
>> + if (!fdt_valid(&blob))
>> + return 1;
>> +
>> + gd->fdt_blob = blob;
>> + cfg_noffset = fit_conf_get_node(working_fdt, NULL);
>> + if (!cfg_noffset)
>> + return CMD_RET_FAILURE;
>
> May need to print an error here, since otherwise it won't be clear
> what went wrong.
Hmm... fit_conf_get_node() prints a dedicated error message if debug is
activated... I thought this is enough ... ?
>> +
>> + ret = fit_config_verify(working_fdt, cfg_noffset);
>> + if (ret == 1)
>> + return CMD_RET_SUCCESS;
>> + else
>> + return CMD_RET_FAILURE;
>> +#endif
>> +
>> /********************************************************************
>> * Get the value of a property in the working_fdt.
>> ********************************************************************/
>> @@ -992,6 +1023,11 @@ static char fdt_help_text[] =
>> "fdt rsvmem delete<index> - Delete a mem reserves\n"
>> "fdt chosen [<start> <end>] - Add/update the /chosen branch in the tree\n"
>> "<start>/<end> - initrd start/end addr\n"
>> +#if defined(CONFIG_FIT_SIGNATURE)
>> + "fdt sign [<addr>] - check FIT signature\n"
>
> How about checksig instead of sign? 'sign' sounds like you are going to sign it.
Of course, that sounds better!
Change this for v2, thanks!
>
>> + "<start> - addr of key blob\n"
>> + " default gd->fdt_blob\n"
>> +#endif
>> "NOTE: Dereference aliases by omiting the leading '/', "
>> "e.g. fdt print ethernet0.";
>> #endif
>> --
>> 1.8.3.1
>>
>
> Regards,
> Simon
Thanks for the review.
bye,
Heiko
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
More information about the U-Boot
mailing list