[PATCH] spl: spl_fit.c: enable check of signature for config node in spl/tpl
Simon Glass
sjg at chromium.org
Tue Nov 3 16:12:01 CET 2020
On Thu, 29 Oct 2020 at 11:50, Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> This commit add the support of signature check for config node
> in spl/tpl when the function spl_load_simple_fit is used.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> common/spl/spl_fit.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
Reviewed-by: Simon Glass <sjg at chromium.org>
We have sandbox SPL tests available now so it should be possible to
write a test of FIT loading in SPL.
>
> diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
> index fd6086a65c..7d10a4352c 100644
> --- a/common/spl/spl_fit.c
> +++ b/common/spl/spl_fit.c
> @@ -551,6 +551,16 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
> if (spl_load_simple_fit_skip_processing())
> return 0;
>
> + if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) {
> + int conf_offset = fit_find_config_node(fit);
> +
> + printf("## Checking hash(es) for config %s ... ",
> + fit_get_name(fit, conf_offset, NULL));
> + if (fit_config_verify(fit, conf_offset))
> + return -EPERM;
> + puts("OK\n");
> + }
> +
> /* find the node holding the images information */
> images = fdt_path_offset(fit, FIT_IMAGES_PATH);
> if (images < 0) {
> --
> 2.17.1
>
More information about the U-Boot
mailing list