[U-Boot] [PATCH v2 13/14] Enhance fit_check_sign to check all images

Simon Glass sjg at chromium.org
Thu Jun 12 15:24:53 CEST 2014


At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.


Signed-off-by: Simon Glass <sjg at chromium.org>
Acked-by: Heiko Schocher <hs at denx.de> (v1)
---

Changes in v2:
- Update test output in signature.txt

 common/bootm.c               | 71 ++++++++++++++++++++++++++++++++++++++++++++
 common/image-fit.c           |  3 +-
 doc/uImage.FIT/signature.txt |  3 ++
 include/bootm.h              |  2 ++
 include/image.h              |  5 +++-
 tools/fit_check_sign.c       |  7 +++--
 tools/image-host.c           | 12 ++++++--
 7 files changed, 96 insertions(+), 7 deletions(-)

diff --git a/common/bootm.c b/common/bootm.c
index d93d3f3..7ec2ed8 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -244,6 +244,7 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
 
 	return 0;
 }
+#endif /* USE_HOSTCC */
 
 /**
  * decomp_image() - decompress the operating system
@@ -353,6 +354,7 @@ static int decomp_image(int comp, ulong load, ulong image_start, int type,
 	return 0;
 }
 
+#ifndef USE_HOSTCC
 static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
 			 int boot_progress)
 {
@@ -838,5 +840,74 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
 
 	return buf;
 }
+#else /* USE_HOSTCC */
+
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz)
+{
+	memmove(to, from, len);
+}
+
+static int bootm_host_load_image(const void *fit, int req_image_type)
+{
+	const char *fit_uname_config = NULL;
+	ulong data, len;
+	bootm_headers_t images;
+	int noffset;
+	ulong load_end;
+	uint8_t image_type;
+	uint8_t imape_comp;
+	void *load_buf;
+	int ret;
+
+	memset(&images, '\0', sizeof(images));
+	images.verify = 1;
+	noffset = fit_image_load(&images, (ulong)fit,
+		NULL, &fit_uname_config,
+		IH_ARCH_DEFAULT, req_image_type, -1,
+		FIT_LOAD_IGNORED, &data, &len);
+	if (noffset < 0)
+		return noffset;
+	if (fit_image_get_type(fit, noffset, &image_type)) {
+		puts("Can't get image type!\n");
+		return -EINVAL;
+	}
+
+	if (fit_image_get_comp(fit, noffset, &imape_comp)) {
+		puts("Can't get image compression!\n");
+		return -EINVAL;
+	}
+
+	/* Allow the image to expand by a factor of 4, should be safe */
+	load_buf = malloc((1 << 20) + len * 4);
+	ret = decomp_image(imape_comp, 0, data, image_type, load_buf,
+			   (void *)data, len, &load_end);
+	free(load_buf);
+	if (ret && ret != BOOTM_ERR_UNIMPLEMENTED)
+		return ret;
+
+	return 0;
+}
+
+int bootm_host_load_images(const void *fit, int cfg_noffset)
+{
+	static uint8_t image_types[] = {
+		IH_TYPE_KERNEL,
+		IH_TYPE_FLATDT,
+		IH_TYPE_RAMDISK,
+	};
+	int err = 0;
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(image_types); i++) {
+		int ret;
+
+		ret = bootm_host_load_image(fit, image_types[i]);
+		if (!err && ret && ret != -ENOENT)
+			err = ret;
+	}
+
+	/* Return the first error we found */
+	return err;
+}
 
 #endif /* ndef USE_HOSTCC */
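Review bot: In bootm_host_load_image() the result of `malloc((1 << 20) + len * 4)` goes straight to decomp_image() with no NULL check, and `len` is read from the FIT being checked, so the size expression can also wrap on a host where ulong is 32 bits. Add `if (!load_buf) return -ENOMEM;` after the allocation and reject a `len` large enough to overflow the multiplication before it. The visible call gives decomp_image() no output-buffer size, so the "factor of 4, should be safe" comment looks like an assumption rather than an enforced bound; a highly compressible image could presumably decompress past the end of load_buf. It is worth confirming which limit decomp_image() applies, since its body is outside this hunk.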
diff --git a/common/image-fit.c b/common/image-fit.c
index 83fac9a..3311343 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1591,12 +1591,13 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
 	}
 
 	bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
+#ifndef USE_HOSTCC
 	if (!fit_image_check_target_arch(fit, noffset)) {
 		puts("Unsupported Architecture\n");
 		bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
 		return -ENOEXEC;
 	}
-
+#endif
 	if (image_type == IH_TYPE_FLATDT &&
 	    !fit_image_check_comp(fit, noffset, IH_COMP_NONE)) {
 		puts("FDT image is compressed");
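Review bot: The `#ifndef USE_HOSTCC` added around fit_image_check_target_arch() has no comment saying why the host build skips the check, and the consequence deserves a line: a host-side run can pass for an image the target would reject with -ENOEXEC. A comment such as `/* Host tools check images for any target, so skip the arch check */` above the guard would cover it, assuming that is the intent. The closing line would read better as `#endif /* !USE_HOSTCC */`, keeping the blank line before the FDT compression check. fit_image_load() starts and ends outside this hunk.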
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 672dc35..a6ab543 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -361,6 +361,7 @@ Test Verified Boot Run: unsigned config: OK
 Sign images
 Test Verified Boot Run: signed config: OK
 check signed config on the host
+Signature check OK
 OK
 Test Verified Boot Run: signed config: OK
 Test Verified Boot Run: signed config with bad hash: OK
@@ -374,12 +375,14 @@ Test Verified Boot Run: unsigned config: OK
 Sign images
 Test Verified Boot Run: signed config: OK
 check signed config on the host
+Signature check OK
 OK
 Test Verified Boot Run: signed config: OK
 Test Verified Boot Run: signed config with bad hash: OK
 
 Test passed
 
+
 Future Work
 -----------
 - Roll-back protection using a TPM is done using the tpm command. This can
diff --git a/include/bootm.h b/include/bootm.h
index 0a3ec56..4a308d8 100644
--- a/include/bootm.h
+++ b/include/bootm.h
@@ -41,6 +41,8 @@ void lynxkdi_boot(image_header_t *hdr);
 
 boot_os_fn *bootm_os_get_boot_func(int os);
 
+int bootm_host_load_images(const void *fit, int cfg_noffset);
+
 int boot_selected_os(int argc, char * const argv[], int state,
 		     bootm_headers_t *images, boot_os_fn *boot_fn);
 
diff --git a/include/image.h b/include/image.h
index ae767f0..ab93eb6 100644
--- a/include/image.h
+++ b/include/image.h
@@ -425,6 +425,7 @@ ulong genimg_get_image(ulong img_addr);
 
 int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
 		uint8_t arch, ulong *rd_start, ulong *rd_end);
+#endif
 
 /**
  * fit_image_load() - load an image from a FIT
@@ -454,12 +455,14 @@ int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
  * @param load_op	Decribes what to do with the load address
  * @param datap		Returns address of loaded image
  * @param lenp		Returns length of loaded image
+ * @return node offset of image, or -ve error code on error
  */
 int fit_image_load(bootm_headers_t *images, ulong addr,
 		   const char **fit_unamep, const char **fit_uname_configp,
 		   int arch, int image_type, int bootstage_id,
 		   enum fit_load_op load_op, ulong *datap, ulong *lenp);
 
+#ifndef USE_HOSTCC
 /**
  * fit_get_node_from_config() - Look up an image a FIT by type
  *
@@ -604,8 +607,8 @@ int image_check_dcrc(const image_header_t *hdr);
 ulong getenv_bootm_low(void);
 phys_size_t getenv_bootm_size(void);
 phys_size_t getenv_bootm_mapsize(void);
-void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
 #endif
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
 
 static inline int image_check_magic(const image_header_t *hdr)
 {
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 768be2f..69e99c0 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -80,10 +80,13 @@ int main(int argc, char **argv)
 
 	image_set_host_blob(key_blob);
 	ret = fit_check_sign(fit_blob, key_blob);
-	if (!ret)
+	if (!ret) {
 		ret = EXIT_SUCCESS;
-	else
+		fprintf(stderr, "Signature check OK\n");
+	} else {
 		ret = EXIT_FAILURE;
+		fprintf(stderr, "Signature check Bad (error %d)\n", ret);
+	}
 
 	(void) munmap((void *)fit_blob, fsbuf.st_size);
 	(void) munmap((void *)key_blob, ksbuf.st_size);
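Review bot: The failure branch overwrites `ret` with EXIT_FAILURE before printing it, so the message always reports that constant instead of the code returned by fit_check_sign(). Swap the two statements so that `fprintf(stderr, "Signature check Bad (error %d)\n", ret);` runs before `ret = EXIT_FAILURE;`. The original error value is what someone diagnosing a rejected image needs to see. main() starts and ends outside this hunk.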
diff --git a/tools/image-host.c b/tools/image-host.c
index faeef66..0eff720 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -10,6 +10,7 @@
  */
 
 #include "mkimage.h"
+#include <bootm.h>
 #include <image.h>
 #include <version.h>
 
@@ -707,16 +708,21 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
 }
 
 #ifdef CONFIG_FIT_SIGNATURE
-int fit_check_sign(const void *working_fdt, const void *key)
+int fit_check_sign(const void *fit, const void *key)
 {
 	int cfg_noffset;
 	int ret;
 
-	cfg_noffset = fit_conf_get_node(working_fdt, NULL);
+	cfg_noffset = fit_conf_get_node(fit, NULL);
 	if (!cfg_noffset)
 		return -1;
 
-	ret = fit_config_verify(working_fdt, cfg_noffset);
+	printf("Verifying Hash Integrity ... ");
+	ret = fit_config_verify(fit, cfg_noffset);
+	if (ret)
+		return ret;
+	ret = bootm_host_load_images(fit, cfg_noffset);
+
 	return ret;
 }
 #endif
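Review bot: fit_check_sign() passes `cfg_noffset` to bootm_host_load_images(), but the definition added in common/bootm.c never reads it; bootm_host_load_image() calls fit_image_load() with a NULL configuration name instead. The images checked are therefore presumably those of whichever configuration fit_image_load() picks by default, which matches the verified node only because fit_conf_get_node() is also called with NULL here. Either resolve the images from `cfg_noffset` or drop the parameter and add a comment such as `/* Checks the images of the default configuration only */`, so a later change on one side cannot verify one configuration and load another. Separately, the early `return ret;` after fit_config_verify() leaves "Verifying Hash Integrity ... " on stdout without a terminating newline.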
-- 
2.0.0.526.g5318336


