[U-Boot] [PATCH v2 13/14] Enhance fit_check_sign to check all images
Simon Glass
sjg at chromium.org
Thu Jun 12 15:24:53 CEST 2014
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.
Signed-off-by: Simon Glass <sjg at chromium.org>
Acked-by: Heiko Schocher <hs at denx.de> (v1)
---
Changes in v2:
- Update test output in signature.txt
common/bootm.c | 71 ++++++++++++++++++++++++++++++++++++++++++++
common/image-fit.c | 3 +-
doc/uImage.FIT/signature.txt | 3 ++
include/bootm.h | 2 ++
include/image.h | 5 +++-
tools/fit_check_sign.c | 7 +++--
tools/image-host.c | 12 ++++++--
7 files changed, 96 insertions(+), 7 deletions(-)
diff --git a/common/bootm.c b/common/bootm.c
index d93d3f3..7ec2ed8 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -244,6 +244,7 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
return 0;
}
+#endif /* USE_HOSTCC */
/**
* decomp_image() - decompress the operating system
@@ -353,6 +354,7 @@ static int decomp_image(int comp, ulong load, ulong image_start, int type,
return 0;
}
+#ifndef USE_HOSTCC
static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
int boot_progress)
{
@@ -838,5 +840,74 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
return buf;
}
+#else /* USE_HOSTCC */
+
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz)
+{
+ memmove(to, from, len);
+}
+
+static int bootm_host_load_image(const void *fit, int req_image_type)
+{
+ const char *fit_uname_config = NULL;
+ ulong data, len;
+ bootm_headers_t images;
+ int noffset;
+ ulong load_end;
+ uint8_t image_type;
+ uint8_t imape_comp;
+ void *load_buf;
+ int ret;
+
+ memset(&images, '\0', sizeof(images));
+ images.verify = 1;
+ noffset = fit_image_load(&images, (ulong)fit,
+ NULL, &fit_uname_config,
+ IH_ARCH_DEFAULT, req_image_type, -1,
+ FIT_LOAD_IGNORED, &data, &len);
+ if (noffset < 0)
+ return noffset;
+ if (fit_image_get_type(fit, noffset, &image_type)) {
+ puts("Can't get image type!\n");
+ return -EINVAL;
+ }
+
+ if (fit_image_get_comp(fit, noffset, &imape_comp)) {
+ puts("Can't get image compression!\n");
+ return -EINVAL;
+ }
+
+ /* Allow the image to expand by a factor of 4, should be safe */
+ load_buf = malloc((1 << 20) + len * 4);
+ ret = decomp_image(imape_comp, 0, data, image_type, load_buf,
+ (void *)data, len, &load_end);
+ free(load_buf);
+ if (ret && ret != BOOTM_ERR_UNIMPLEMENTED)
+ return ret;
+
+ return 0;
+}
+
+int bootm_host_load_images(const void *fit, int cfg_noffset)
+{
+ static uint8_t image_types[] = {
+ IH_TYPE_KERNEL,
+ IH_TYPE_FLATDT,
+ IH_TYPE_RAMDISK,
+ };
+ int err = 0;
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(image_types); i++) {
+ int ret;
+
+ ret = bootm_host_load_image(fit, image_types[i]);
+ if (!err && ret && ret != -ENOENT)
+ err = ret;
+ }
+
+ /* Return the first error we found */
+ return err;
+}
#endif /* ndef USE_HOSTCC */
diff --git a/common/image-fit.c b/common/image-fit.c
index 83fac9a..3311343 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1591,12 +1591,13 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
}
bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
+#ifndef USE_HOSTCC
if (!fit_image_check_target_arch(fit, noffset)) {
puts("Unsupported Architecture\n");
bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
return -ENOEXEC;
}
-
+#endif
if (image_type == IH_TYPE_FLATDT &&
!fit_image_check_comp(fit, noffset, IH_COMP_NONE)) {
puts("FDT image is compressed");
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 672dc35..a6ab543 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -361,6 +361,7 @@ Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
+Signature check OK
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
@@ -374,12 +375,14 @@ Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
+Signature check OK
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
Test passed
+
Future Work
-----------
- Roll-back protection using a TPM is done using the tpm command. This can
diff --git a/include/bootm.h b/include/bootm.h
index 0a3ec56..4a308d8 100644
--- a/include/bootm.h
+++ b/include/bootm.h
@@ -41,6 +41,8 @@ void lynxkdi_boot(image_header_t *hdr);
boot_os_fn *bootm_os_get_boot_func(int os);
+int bootm_host_load_images(const void *fit, int cfg_noffset);
+
int boot_selected_os(int argc, char * const argv[], int state,
bootm_headers_t *images, boot_os_fn *boot_fn);
diff --git a/include/image.h b/include/image.h
index ae767f0..ab93eb6 100644
--- a/include/image.h
+++ b/include/image.h
@@ -425,6 +425,7 @@ ulong genimg_get_image(ulong img_addr);
int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
uint8_t arch, ulong *rd_start, ulong *rd_end);
+#endif
/**
* fit_image_load() - load an image from a FIT
@@ -454,12 +455,14 @@ int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
* @param load_op Decribes what to do with the load address
* @param datap Returns address of loaded image
* @param lenp Returns length of loaded image
+ * @return node offset of image, or -ve error code on error
*/
int fit_image_load(bootm_headers_t *images, ulong addr,
const char **fit_unamep, const char **fit_uname_configp,
int arch, int image_type, int bootstage_id,
enum fit_load_op load_op, ulong *datap, ulong *lenp);
+#ifndef USE_HOSTCC
/**
* fit_get_node_from_config() - Look up an image a FIT by type
*
@@ -604,8 +607,8 @@ int image_check_dcrc(const image_header_t *hdr);
ulong getenv_bootm_low(void);
phys_size_t getenv_bootm_size(void);
phys_size_t getenv_bootm_mapsize(void);
-void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
#endif
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
static inline int image_check_magic(const image_header_t *hdr)
{
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 768be2f..69e99c0 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -80,10 +80,13 @@ int main(int argc, char **argv)
image_set_host_blob(key_blob);
ret = fit_check_sign(fit_blob, key_blob);
- if (!ret)
+ if (!ret) {
ret = EXIT_SUCCESS;
- else
+ fprintf(stderr, "Signature check OK\n");
+ } else {
ret = EXIT_FAILURE;
+ fprintf(stderr, "Signature check Bad (error %d)\n", ret);
+ }
(void) munmap((void *)fit_blob, fsbuf.st_size);
(void) munmap((void *)key_blob, ksbuf.st_size);
diff --git a/tools/image-host.c b/tools/image-host.c
index faeef66..0eff720 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -10,6 +10,7 @@
*/
#include "mkimage.h"
+#include <bootm.h>
#include <image.h>
#include <version.h>
@@ -707,16 +708,21 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
}
#ifdef CONFIG_FIT_SIGNATURE
-int fit_check_sign(const void *working_fdt, const void *key)
+int fit_check_sign(const void *fit, const void *key)
{
int cfg_noffset;
int ret;
- cfg_noffset = fit_conf_get_node(working_fdt, NULL);
+ cfg_noffset = fit_conf_get_node(fit, NULL);
if (!cfg_noffset)
return -1;
- ret = fit_config_verify(working_fdt, cfg_noffset);
+ printf("Verifying Hash Integrity ... ");
+ ret = fit_config_verify(fit, cfg_noffset);
+ if (ret)
+ return ret;
+ ret = bootm_host_load_images(fit, cfg_noffset);
+
return ret;
}
#endif
--
2.0.0.526.g5318336
More information about the U-Boot
mailing list