[U-Boot] [PATCH 3/5] x86: baytrail: secureboot: Add functions for verification of u-boot

Fri May 12 08:56:06 UTC 2017

Hi,

On Fri, 12 May 2017 10:25:50 +0200
Lothar Waßmann LW at KARO-electronics.de wrote:
...
> > +static bool verify_oem_sha256(unsigned int hash_id,
> > +			      void *start_address,
> > +			      size_t size)
> > +{
> > +	uint8_t value[SHA256_SUM_LEN];
> >  
> 'unsigned char' here ...
> 
> > +	int value_len;
> > +
> > +	/* calculate address of hash to compare in the oemdata block*/
> > +	void *hash_to_verify = (void *)SB_MANIFEST_OEM_HASH_BASE +
> > +			       (SHA256_SUM_LEN * hash_id);
> > +#ifdef DEBUG
> > +	unsigned int i = 0;
> > +	uint8_t oem_value[SHA256_SUM_LEN];
> > +
> > +	memcpy(oem_value, hash_to_verify, SHA256_SUM_LEN);
> > +	printf("SB: Hash to verify:\t");
> > +	for (i = 0; i < SHA256_SUM_LEN; i++)
> > +		printf("%X", oem_value[i]);
> > +	printf("\n");
> > +#endif
> > +
> > +	/* caluclate the hash of the binary */
> > +	calculate_hash(start_address, size, "sha256", (unsigned char *)value,
> > +		       &value_len);
> >  
> ... would avoid the '(unsigned char *)' cast here.

I'll drop this cast, the fourth argument of calculate_hash()
is uint8_t *.

...
> > +bool verify_public_key(void)
> > +{
> > +	void *fit_public_key_modulus;
> >  
> 'const void *' here ...
> > +
> > +	int offset = fdt_node_offset_by_prop_value(gd->fdt_blob, -1,
> > +						   "key-name-hint",
> > +						   FIT_KEY_NAME,
> > +						   4);
> > +
> > +	fit_public_key_modulus =  (void *)fdt_getprop(gd->fdt_blob, offset,
> > +						      "rsa,modulus", NULL);
> >  
> ... would eliminate the need for the '(void *)' cast here.

OK, will fix. Thanks!

--
Anatolij