[PATCH 12/16] tools: mkimage: Show where signatures/keys are written
Simon Glass
sjg at chromium.org
Fri Nov 12 20:28:13 CET 2021
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.
Sample:
Signature written to 'sha1-basic/test.fit',
node '/configurations/conf-1/signature'
Public key written to 'sha1-basic/sandbox-u-boot.dtb',
node '/signature/key-dev'
Signed-off-by: Simon Glass <sjg at chromium.org>
---
include/image.h | 23 ++++++++++++++++++++++-
tools/fit_common.c | 13 +++++++++++++
tools/fit_common.h | 10 ++++++++++
tools/fit_image.c | 3 ++-
tools/image-host.c | 23 ++++++++++++++++++-----
tools/imagetool.h | 3 +++
tools/mkimage.c | 4 ++++
7 files changed, 72 insertions(+), 7 deletions(-)
diff --git a/include/image.h b/include/image.h
index 0f5e037a192..733fa016694 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1021,6 +1021,25 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
const char *comment, int require_keys,
const char *engine_id, const char *cmdname);
+#define NODE_MAX_NAME_LEN 80
+
+/**
+ * struct image_summary - Provides information about signing info added
+ *
+ * @sig_offset: Offset of the node in the blob devicetree where the signature
+ * was wriiten
+ * @sig_path: Path to @sig_offset
+ * @keydest_offset: Offset of the node in the keydest devicetree where the
+ * public key was written (-1 if none)
+ * @keydest_path: Path to @keydest_offset
+ */
+struct image_summary {
+ int sig_offset;
+ char sig_path[NODE_MAX_NAME_LEN];
+ int keydest_offset;
+ char keydest_path[NODE_MAX_NAME_LEN];
+};
+
/**
* fit_add_verification_data() - add verification data to FIT image nodes
*
@@ -1031,6 +1050,7 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
* @require_keys: Mark all keys as 'required'
* @engine_id: Engine to use for signing
* @cmdname: Command name used when reporting errors
+ * @summary: Returns information about what data was written
*
* Adds hash values for all component images in the FIT blob.
* Hashes are calculated for all component images which have hash subnodes
@@ -1045,7 +1065,8 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
int fit_add_verification_data(const char *keydir, const char *keyfile,
void *keydest, void *fit, const char *comment,
int require_keys, const char *engine_id,
- const char *cmdname);
+ const char *cmdname,
+ struct image_summary *summary);
/**
* fit_image_verify_with_data() - Verify an image with given data
diff --git a/tools/fit_common.c b/tools/fit_common.c
index d13e5ebf1ae..defdc9d5688 100644
--- a/tools/fit_common.c
+++ b/tools/fit_common.c
@@ -167,3 +167,16 @@ int copyfile(const char *src, const char *dst)
return ret;
}
+
+void summary_show(struct image_summary *summary, const char *imagefile,
+ const char *keydest)
+{
+ if (summary->sig_offset) {
+ printf("Signature written to '%s', node '%s'\n", imagefile,
+ summary->sig_path);
+ if (keydest) {
+ printf("Public key written to '%s', node '%s'\n",
+ keydest, summary->keydest_path);
+ }
+ }
+}
diff --git a/tools/fit_common.h b/tools/fit_common.h
index 55f3f6acd4e..07fb718ae3a 100644
--- a/tools/fit_common.h
+++ b/tools/fit_common.h
@@ -52,4 +52,14 @@ int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
*/
int copyfile(const char *src, const char *dst);
+/**
+ * summary_show() - Show summary information about the signing process
+ *
+ * @summary: Summary info to show
+ * @imagefile: Filename of the output image
+ * @keydest: Filename where the key information is written (NULL if none)
+ */
+void summary_show(struct image_summary *summary, const char *imagefile,
+ const char *keydest);
+
#endif /* _FIT_COMMON_H_ */
diff --git a/tools/fit_image.c b/tools/fit_image.c
index c4f56bb6967..aff27d0ffcb 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -73,7 +73,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
params->comment,
params->require_keys,
params->engine_id,
- params->cmdname);
+ params->cmdname,
+ ¶ms->summary);
}
if (dest_blob) {
diff --git a/tools/image-host.c b/tools/image-host.c
index e2b120ce532..fb9aa7493cc 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -1064,7 +1064,7 @@ static int fit_config_process_sig(const char *keydir, const char *keyfile,
static int fit_config_add_verification_data(const char *keydir,
const char *keyfile, void *keydest, void *fit, int conf_noffset,
const char *comment, int require_keys, const char *engine_id,
- const char *cmdname)
+ const char *cmdname, struct image_summary *summary)
{
const char *conf_name;
int noffset;
@@ -1084,9 +1084,20 @@ static int fit_config_add_verification_data(const char *keydir,
ret = fit_config_process_sig(keydir, keyfile, keydest,
fit, conf_name, conf_noffset, noffset, comment,
require_keys, engine_id, cmdname);
+ if (ret < 0)
+ return ret;
+
+ summary->sig_offset = noffset;
+ fdt_get_path(fit, noffset, summary->sig_path,
+ sizeof(summary->sig_path));
+
+ if (keydest) {
+ summary->keydest_offset = ret;
+ fdt_get_path(keydest, ret,
+ summary->keydest_path,
+ sizeof(summary->keydest_path));
+ }
}
- if (ret < 0)
- return ret;
}
return 0;
@@ -1130,7 +1141,8 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
int fit_add_verification_data(const char *keydir, const char *keyfile,
void *keydest, void *fit, const char *comment,
int require_keys, const char *engine_id,
- const char *cmdname)
+ const char *cmdname,
+ struct image_summary *summary)
{
int images_noffset, confs_noffset;
int noffset;
@@ -1178,7 +1190,8 @@ int fit_add_verification_data(const char *keydir, const char *keyfile,
ret = fit_config_add_verification_data(keydir, keyfile, keydest,
fit, noffset, comment,
require_keys,
- engine_id, cmdname);
+ engine_id, cmdname,
+ summary);
if (ret)
return ret;
}
diff --git a/tools/imagetool.h b/tools/imagetool.h
index e229a34ffc5..c0579c8c93c 100644
--- a/tools/imagetool.h
+++ b/tools/imagetool.h
@@ -21,6 +21,8 @@
#include <unistd.h>
#include <u-boot/sha1.h>
+#include <image.h>
+
#include "fdt_host.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
@@ -83,6 +85,7 @@ struct image_tool_params {
int bl_len; /* Block length in byte for external data */
const char *engine_id; /* Engine to use for signing */
bool reset_timestamp; /* Reset the timestamp on an existing image */
+ struct image_summary summary; /* results of signing process */
};
/*
diff --git a/tools/mkimage.c b/tools/mkimage.c
index fbe883ce362..566607c489e 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -10,6 +10,7 @@
#include "imagetool.h"
#include "mkimage.h"
#include "imximage.h"
+#include <fit_common.h>
#include <image.h>
#include <version.h>
#ifdef __linux__
@@ -469,6 +470,9 @@ int main(int argc, char **argv)
(void) munmap((void *)ptr, sbuf.st_size);
(void) close (ifd);
+ if (!retval)
+ summary_show(¶ms.summary, params.imagefile,
+ params.keydest);
exit (retval);
}
--
2.34.0.rc1.387.gb447b232ab-goog
More information about the U-Boot
mailing list