[PATCH 09/16] tools: Pass the key blob around

Simon Glass sjg at chromium.org
Fri Nov 12 20:28:10 CET 2021


At present we rely on the key blob being in the global_data fdt_blob
pointer. This is true in U-Boot but not with tools. For clarity, pass the
parameter around.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

 boot/image-fit-sig.c | 31 ++++++++++++++++++-------------
 boot/image-fit.c     | 12 +++++++-----
 common/spl/spl_fit.c |  3 ++-
 include/image.h      | 23 ++++++++++++++++++-----
 4 files changed, 45 insertions(+), 24 deletions(-)

diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
index 253748ef649..a751c12d174 100644
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@@ -65,7 +65,8 @@ struct image_region *fit_region_make_list(const void *fit,
 
 static int fit_image_setup_verify(struct image_sign_info *info,
 				  const void *fit, int noffset,
-				  int required_keynode, char **err_msgp)
+				  const void *key_blob, int required_keynode,
+				  char **err_msgp)
 {
 	char *algo_name;
 	const char *padding_name;
@@ -91,7 +92,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
 	info->checksum = image_get_checksum_algo(algo_name);
 	info->crypto = image_get_crypto_algo(algo_name);
 	info->padding = image_get_padding_algo(padding_name);
-	info->fdt_blob = gd_fdt_blob();
+	info->fdt_blob = key_blob;
 	info->required_keynode = required_keynode;
 	printf("%s:%s", algo_name, info->keyname);
 
@@ -104,7 +105,8 @@ static int fit_image_setup_verify(struct image_sign_info *info,
 }
 
 int fit_image_check_sig(const void *fit, int noffset, const void *data,
-			size_t size, int required_keynode, char **err_msgp)
+			size_t size, const void *key_blob, int required_keynode,
+			char **err_msgp)
 {
 	struct image_sign_info info;
 	struct image_region region;
@@ -112,8 +114,8 @@ int fit_image_check_sig(const void *fit, int noffset, const void *data,
 	int fit_value_len;
 
 	*err_msgp = NULL;
-	if (fit_image_setup_verify(&info, fit, noffset, required_keynode,
-				   err_msgp))
+	if (fit_image_setup_verify(&info, fit, noffset, key_blob,
+				   required_keynode, err_msgp))
 		return -1;
 
 	if (fit_image_hash_get_value(fit, noffset, &fit_value,
@@ -156,8 +158,8 @@ static int fit_image_verify_sig(const void *fit, int image_noffset,
 		}
 		if (!strncmp(name, FIT_SIG_NODENAME,
 			     strlen(FIT_SIG_NODENAME))) {
-			ret = fit_image_check_sig(fit, noffset, data,
-						  size, -1, &err_msg);
+			ret = fit_image_check_sig(fit, noffset, data, size,
+						  key_blob, -1, &err_msg);
 			if (ret) {
 				puts("- ");
 			} else {
@@ -244,6 +246,7 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
  * @noffset: Offset of the signature node being checked (e.g.
  *	 /configurations/conf-1/signature-1)
  * @conf_noffset: Offset of configuration node (e.g. /configurations/conf-1)
+ * @key_blob: Blob containing the keys to check against
  * @required_keynode:	Offset in @key_blob of the required key node,
  *			if any. If this is given, then the configuration wil not
  *			pass verification unless that key is used. If this is
@@ -253,7 +256,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
  * @return 0 if all verified ok, <0 on error
  */
 static int fit_config_check_sig(const void *fit, int noffset, int conf_noffset,
-				int required_keynode, char **err_msgp)
+				const void *key_blob, int required_keynode,
+				char **err_msgp)
 {
 	static char * const exc_prop[] = {
 		"data",
@@ -275,12 +279,12 @@ static int fit_config_check_sig(const void *fit, int noffset, int conf_noffset,
 	int count;
 
 	config_name = fit_get_name(fit, conf_noffset, NULL);
-	debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(),
+	debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, key_blob,
 	      fit_get_name(fit, noffset, NULL),
-	      fit_get_name(gd_fdt_blob(), required_keynode, NULL));
+	      fit_get_name(key_blob, required_keynode, NULL));
 	*err_msgp = NULL;
-	if (fit_image_setup_verify(&info, fit, noffset, required_keynode,
-				   err_msgp))
+	if (fit_image_setup_verify(&info, fit, noffset, key_blob,
+				   required_keynode, err_msgp))
 		return -1;
 
 	if (fit_image_hash_get_value(fit, noffset, &fit_value,
@@ -423,7 +427,8 @@ static int fit_config_verify_key(const void *fit, int conf_noffset,
 		if (!strncmp(name, FIT_SIG_NODENAME,
 			     strlen(FIT_SIG_NODENAME))) {
 			ret = fit_config_check_sig(fit, noffset, conf_noffset,
-						   key_offset, &err_msg);
+						   key_blob, key_offset,
+						   &err_msg);
 			if (ret) {
 				puts("- ");
 			} else {
diff --git a/boot/image-fit.c b/boot/image-fit.c
index 33b4a46028b..59191a5486c 100644
--- a/boot/image-fit.c
+++ b/boot/image-fit.c
@@ -1309,7 +1309,8 @@ static int fit_image_check_hash(const void *fit, int noffset, const void *data,
 }
 
 int fit_image_verify_with_data(const void *fit, int image_noffset,
-			       const void *data, size_t size)
+			       const void *key_blob, const void *data,
+			       size_t size)
 {
 	int		noffset = 0;
 	char		*err_msg = "";
@@ -1319,7 +1320,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset,
 	/* Verify all required signatures */
 	if (FIT_IMAGE_ENABLE_VERIFY &&
 	    fit_image_verify_required_sigs(fit, image_noffset, data, size,
-					   gd_fdt_blob(), &verify_all)) {
+					   key_blob, &verify_all)) {
 		err_msg = "Unable to verify required signature";
 		goto error;
 	}
@@ -1342,8 +1343,8 @@ int fit_image_verify_with_data(const void *fit, int image_noffset,
 		} else if (FIT_IMAGE_ENABLE_VERIFY && verify_all &&
 				!strncmp(name, FIT_SIG_NODENAME,
 					strlen(FIT_SIG_NODENAME))) {
-			ret = fit_image_check_sig(fit, noffset, data,
-							size, -1, &err_msg);
+			ret = fit_image_check_sig(fit, noffset, data, size,
+						  gd_fdt_blob(), -1, &err_msg);
 
 			/*
 			 * Show an indication on failure, but do not return
@@ -1406,7 +1407,8 @@ int fit_image_verify(const void *fit, int image_noffset)
 		goto err;
 	}
 
-	return fit_image_verify_with_data(fit, image_noffset, data, size);
+	return fit_image_verify_with_data(fit, image_noffset, gd_fdt_blob(),
+					  data, size);
 
 err:
 	printf("error!\n%s in '%s' image node\n", err_msg,
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index 5fe0273d66d..55133ceea6f 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -314,7 +314,8 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector,
 	if (CONFIG_IS_ENABLED(FIT_SIGNATURE)) {
 		printf("## Checking hash(es) for Image %s ... ",
 		       fit_get_name(fit, node, NULL));
-		if (!fit_image_verify_with_data(fit, node, src, length))
+		if (!fit_image_verify_with_data(fit, node, gd_fdt_blob(), src,
+						length))
 			return -EPERM;
 		puts("OK\n");
 	}
diff --git a/include/image.h b/include/image.h
index 533c23e2002..d5598cec461 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1047,8 +1047,19 @@ int fit_add_verification_data(const char *keydir, const char *keyfile,
 			      int require_keys, const char *engine_id,
 			      const char *cmdname);
 
+/**
+ * fit_image_verify_with_data() - Verify an image with given data
+ *
+ * @fit:	Pointer to the FIT format image header
+ * @image_offset: Offset in @fit of image to verify
+ * @key_blob:	FDT containing public keys
+ * @data:	Image data to verify
+ * @size:	Size of image data
+ */
 int fit_image_verify_with_data(const void *fit, int image_noffset,
-			       const void *data, size_t size);
+			       const void *key_blob, const void *data,
+			       size_t size);
+
 int fit_image_verify(const void *fit, int noffset);
 int fit_config_verify(const void *fit, int conf_noffset);
 int fit_all_image_verify(const void *fit);
@@ -1296,7 +1307,7 @@ struct padding_algo *image_get_padding_algo(const char *name);
  * @image_noffset:	Offset of image node to check
  * @data:		Image data to check
  * @size:		Size of image data
- * @sig_blob:		FDT containing public keys
+ * @key_blob:		FDT containing public keys
  * @no_sigsp:		Returns 1 if no signatures were required, and
  *			therefore nothing was checked. The caller may wish
  *			to fall back to other mechanisms, or refuse to
@@ -1304,7 +1315,7 @@ struct padding_algo *image_get_padding_algo(const char *name);
  * @return 0 if all verified ok, <0 on error
  */
 int fit_image_verify_required_sigs(const void *fit, int image_noffset,
-		const char *data, size_t size, const void *sig_blob,
+		const char *data, size_t size, const void *key_blob,
 		int *no_sigsp);
 
 /**
@@ -1314,7 +1325,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
  * @noffset:		Offset of signature node to check
  * @data:		Image data to check
  * @size:		Size of image data
- * @required_keynode:	Offset in the control FDT of the required key node,
+ * @keyblob:		Key blob to check (typically the control FDT)
+ * @required_keynode:	Offset in the keyblob of the required key node,
  *			if any. If this is given, then the image wil not
  *			pass verification unless that key is used. If this is
  *			-1 then any signature will do.
@@ -1323,7 +1335,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
  * @return 0 if all verified ok, <0 on error
  */
 int fit_image_check_sig(const void *fit, int noffset, const void *data,
-		size_t size, int required_keynode, char **err_msgp);
+			size_t size, const void *key_blob, int required_keynode,
+			char **err_msgp);
 
 int fit_image_decrypt_data(const void *fit,
 			   int image_noffset, int cipher_noffset,
-- 
2.34.0.rc1.387.gb447b232ab-goog



More information about the U-Boot mailing list