[PATCH 10/16] image: Return destination node for add_verify_data() method

Simon Glass sjg at chromium.org
Fri Nov 12 20:28:11 CET 2021


It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

 include/image.h             | 3 ++-
 include/u-boot/ecdsa.h      | 5 +++--
 include/u-boot/rsa.h        | 5 +++--
 lib/ecdsa/ecdsa-libcrypto.c | 4 ++--
 lib/rsa/rsa-sign.c          | 5 ++++-
 tools/image-host.c          | 5 ++---
 6 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/include/image.h b/include/image.h
index d5598cec461..0f5e037a192 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1242,7 +1242,8 @@ struct crypto_algo {
 	 *
 	 * @info:	Specifies key and FIT information
 	 * @keydest:	Destination FDT blob for public key data
-	 * @return: 0, on success, -ve on error
+	 * @return: node offset within the FDT blob where the data was written,
+	 *	or -ve on error
 	 */
 	int (*add_verify_data)(struct image_sign_info *info, void *keydest);
 
diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h
index f6951c7346d..f1fa176d916 100644
--- a/include/u-boot/ecdsa.h
+++ b/include/u-boot/ecdsa.h
@@ -44,8 +44,9 @@ int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
  *
  * @info:	Specifies key and FIT information
  * @keydest:	Destination FDT blob for public key data
- * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
- * other -ve value on error
+ * @return: node offset within the FDT blob where the data was written on
+ *	success, -ENOSPC if the keydest FDT blob ran out of space, other -ve
+ *	value on other error
  */
 int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest);
 
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 7556aa5b4b7..fafefeedd80 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -61,8 +61,9 @@ int rsa_sign(struct image_sign_info *info,
  *
  * @info:	Specifies key and FIT information
  * @keydest:	Destination FDT blob for public key data
- * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
-		other -ve value on error
+ * @return: node offset within the FDT blob where the data was written on
+ *	success, -ENOSPC if the keydest FDT blob ran out of space, other -ve
+ *	value on other error
 */
 int rsa_add_verify_data(struct image_sign_info *info, void *keydest);
 
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 1757a145623..aa9a226d031 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -299,7 +299,7 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
 	if (ret < 0)
 		return ret;
 
-	return 0;
+	return key_node;
 }
 
 int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
@@ -311,7 +311,7 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
 	fdt_key_name = info->keyname ? info->keyname : "default-key";
 	ret = prepare_ctx(&ctx, info);
 	if (ret >= 0)
-		do_add(&ctx, fdt, fdt_key_name);
+		ret = do_add(&ctx, fdt, fdt_key_name);
 
 	free_ctx(&ctx);
 	return ret;
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 0579e5294ee..e8b06c857f2 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -701,5 +701,8 @@ err_get_pub_key:
 	if (info->engine_id)
 		rsa_engine_remove(e);
 
-	return ret;
+	if (ret)
+		return ret;
+
+	return node;
 }
diff --git a/tools/image-host.c b/tools/image-host.c
index e4322d323a2..e53fe4bbbed 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -264,7 +264,7 @@ static int fit_image_process_sig(const char *keydir, const char *keyfile,
 	 */
 	if (keydest) {
 		ret = info.crypto->add_verify_data(&info, keydest);
-		if (ret) {
+		if (ret < 0) {
 			printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
 			       node_name, image_name);
 			return ret;
@@ -1030,11 +1030,10 @@ static int fit_config_process_sig(const char *keydir, const char *keyfile,
 	/* Write the public key into the supplied FDT file */
 	if (keydest) {
 		ret = info.crypto->add_verify_data(&info, keydest);
-		if (ret) {
+		if (ret < 0) {
 			printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n",
 			       node_name, conf_name);
 		}
-		return ret;
 	}
 
 	return 0;
-- 
2.34.0.rc1.387.gb447b232ab-goog



More information about the U-Boot mailing list