[PATCH 08/16] tools: Tidy up argument order in fit_config_check_sig()

Simon Glass sjg at chromium.org
Fri Nov 12 20:28:09 CET 2021


Put the parent node first in the parameters as this is more natural. Also
add a comment to explain what is going on.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

 boot/image-fit-sig.c | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
index f0ccd9b5227..253748ef649 100644
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@@ -226,21 +226,34 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
 /**
  * fit_config_check_sig() - Check the signature of a config
  *
+ * Here we are looking at a particular signature that needs verification (here
+ * signature-1):
+ *
+ *	configurations {
+ *		default = "conf-1";
+ *		conf-1 {
+ *			kernel = "kernel-1";
+ *			fdt = "fdt-1";
+ *			signature-1 {
+ *				algo = "sha1,rsa2048";
+ *				value = <...conf 1 signature...>;
+ *			};
+ *		};
+ *
  * @fit: FIT to check
- * @noffset: Offset of configuration node (e.g. /configurations/conf-1)
- * @required_keynode:	Offset in the control FDT of the required key node,
+ * @noffset: Offset of the signature node being checked (e.g.
+ *	 /configurations/conf-1/signature-1)
+ * @conf_noffset: Offset of configuration node (e.g. /configurations/conf-1)
+ * @required_keynode:	Offset in @key_blob of the required key node,
  *			if any. If this is given, then the configuration wil not
  *			pass verification unless that key is used. If this is
  *			-1 then any signature will do.
- * @conf_noffset: Offset of the configuration subnode being checked (e.g.
- *	 /configurations/conf-1/kernel)
  * @err_msgp:		In the event of an error, this will be pointed to a
  *			help error string to display to the user.
  * @return 0 if all verified ok, <0 on error
  */
-static int fit_config_check_sig(const void *fit, int noffset,
-				int required_keynode, int conf_noffset,
-				char **err_msgp)
+static int fit_config_check_sig(const void *fit, int noffset, int conf_noffset,
+				int required_keynode, char **err_msgp)
 {
 	static char * const exc_prop[] = {
 		"data",
@@ -409,8 +422,8 @@ static int fit_config_verify_key(const void *fit, int conf_noffset,
 
 		if (!strncmp(name, FIT_SIG_NODENAME,
 			     strlen(FIT_SIG_NODENAME))) {
-			ret = fit_config_check_sig(fit, noffset, key_offset,
-						   conf_noffset, &err_msg);
+			ret = fit_config_check_sig(fit, noffset, conf_noffset,
+						   key_offset, &err_msg);
 			if (ret) {
 				puts("- ");
 			} else {
-- 
2.34.0.rc1.387.gb447b232ab-goog



More information about the U-Boot mailing list