[U-Boot] [PATCH 4/9] fit: Verify all configuration signatures
Marek Vasut
marex at denx.de
Thu Dec 28 12:06:16 UTC 2017
Rather than verifying configuration signature of the configuration node
containing the kernel image types, verify all configuration nodes, even
those that do not contain kernel images. This is useful when the nodes
contain ie. standalone OSes or U-Boot.
Signed-off-by: Marek Vasut <marex at denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou at konsulko.com>
Cc: Simon Glass <sjg at chromium.org>
---
common/image-fit.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/common/image-fit.c b/common/image-fit.c
index 8871e2dcd3..f559032691 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1766,22 +1766,24 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
}
fit_base_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
printf(" Using '%s' configuration\n", fit_base_uname_config);
- if (image_type == IH_TYPE_KERNEL) {
- /* Remember (and possibly verify) this config */
+ /* Remember this config */
+ if (image_type == IH_TYPE_KERNEL)
images->fit_uname_cfg = fit_base_uname_config;
- if (IMAGE_ENABLE_VERIFY && images->verify) {
- puts(" Verifying Hash Integrity ... ");
- if (fit_config_verify(fit, cfg_noffset)) {
- puts("Bad Data Hash\n");
- bootstage_error(bootstage_id +
- BOOTSTAGE_SUB_HASH);
- return -EACCES;
- }
- puts("OK\n");
+
+ /* Verify this config */
+ if (IMAGE_ENABLE_VERIFY && images->verify) {
+ puts(" Verifying Hash Integrity ... ");
+ if (fit_config_verify(fit, cfg_noffset)) {
+ puts("Bad Data Hash\n");
+ bootstage_error(bootstage_id +
+ BOOTSTAGE_SUB_HASH);
+ return -EACCES;
}
- bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
+ puts("OK\n");
}
+ bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
+
noffset = fit_conf_get_prop_node(fit, cfg_noffset,
prop_name);
fit_uname = fit_get_name(fit, noffset, NULL);
--
2.15.0
More information about the U-Boot
mailing list