[U-Boot] [PATCH 2/7] fdt: add "fdt sign" command

Heiko Schocher hs at denx.de
Mon Jan 27 07:37:07 CET 2014


Hello Simon,

Am 26.01.2014 22:04, schrieb Simon Glass:
> Hi Heiko,
>
> On 24 January 2014 23:44, Heiko Schocher<hs at denx.de>  wrote:
>> check if a fdt is correct signed
>> pass an optional addr value. Contains the addr of the key blob
>>
>> Signed-off-by: Heiko Schocher<hs at denx.de>
>> Cc: Simon Glass<sjg at chromium.org>
>> ---
>>   common/cmd_fdt.c | 38 +++++++++++++++++++++++++++++++++++++-
>>   1 file changed, 37 insertions(+), 1 deletion(-)
>>
>> diff --git a/common/cmd_fdt.c b/common/cmd_fdt.c
>> index 3a9edd6..b8468ea 100644
>> --- a/common/cmd_fdt.c
>> +++ b/common/cmd_fdt.c
>> @@ -243,7 +243,7 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>>          /*
>>           * Set the value of a property in the working_fdt.
>>           */
>> -       } else if (argv[1][0] == 's') {
>> +       } else if (strncmp(argv[1], "se", 2) == 0) {
>>                  char *pathp;            /* path */
>>                  char *prop;             /* property */
>>                  int  nodeoffset;        /* node offset from libfdt */
>> @@ -283,6 +283,37 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>>                          return 1;
>>                  }
>>
>> +#if defined(CONFIG_FIT_SIGNATURE)
>> +       } else if (strncmp(argv[1], "si", 2) == 0) {
>> +               int cfg_noffset;
>> +               int ret;
>> +               unsigned long addr;
>> +               struct fdt_header *blob;
>> +
>> +               if (!working_fdt)
>> +                       return CMD_RET_FAILURE;
>> +
>> +               if (argc>  2) {
>> +                       addr = simple_strtoul(argv[2], NULL, 16);
>> +                       blob = map_sysmem(addr, 0);
>> +               } else {
>> +                       blob = (struct fdt_header *)gd->fdt_blob;
>> +               }
>> +               if (!fdt_valid(&blob))
>> +                       return 1;
>> +
>> +               gd->fdt_blob = blob;
>> +               cfg_noffset = fit_conf_get_node(working_fdt, NULL);
>> +               if (!cfg_noffset)
>> +                       return CMD_RET_FAILURE;
>
> May need to print an error here, since otherwise it won't be clear
> what went wrong.

Hmm... fit_conf_get_node() prints a dedicated error message if debug is
activated... I thought this is enough ... ?

>> +
>> +               ret = fit_config_verify(working_fdt, cfg_noffset);
>> +               if (ret == 1)
>> +                       return CMD_RET_SUCCESS;
>> +               else
>> +                       return CMD_RET_FAILURE;
>> +#endif
>> +
>>          /********************************************************************
>>           * Get the value of a property in the working_fdt.
>>           ********************************************************************/
>> @@ -992,6 +1023,11 @@ static char fdt_help_text[] =
>>          "fdt rsvmem delete<index>            - Delete a mem reserves\n"
>>          "fdt chosen [<start>  <end>]          - Add/update the /chosen branch in the tree\n"
>>          "<start>/<end>  - initrd start/end addr\n"
>> +#if defined(CONFIG_FIT_SIGNATURE)
>> +       "fdt sign [<addr>]                   - check FIT signature\n"
>
> How about checksig instead of sign? 'sign' sounds like you are going to sign it.

Of course, that sounds better!
Change this for v2, thanks!

>
>> +       "<start>  - addr of key blob\n"
>> +       "                                                  default gd->fdt_blob\n"
>> +#endif
>>          "NOTE: Dereference aliases by omiting the leading '/', "
>>                  "e.g. fdt print ethernet0.";
>>   #endif
>> --
>> 1.8.3.1
>>
>
> Regards,
> Simon

Thanks for the review.

bye,
Heiko
-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


More information about the U-Boot mailing list