[PATCH 2/2] cmd: Add CONFIG_FIT_SIGNATURE_STRICT

Oleksandr Suvorov oleksandr.suvorov at foundries.io
Thu Sep 16 15:09:58 CEST 2021


From: Ricardo Salveti <ricardo at foundries.io>

Add CONFIG_FIT_SIGNATURE_STRICT to require a valid FIT configuration
signature for each command that is able to manipulate FIT images.

Signed-off-by: Ricardo Salveti <ricardo at foundries.io>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov at foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov at foundries.io>
---

 cmd/fpga.c          | 14 ++++++++++++++
 cmd/source.c        | 14 ++++++++++++++
 cmd/ximg.c          | 14 ++++++++++++++
 common/Kconfig.boot |  4 ++++
 4 files changed, 46 insertions(+)

diff --git a/cmd/fpga.c b/cmd/fpga.c
index 3fdd0b35e80..16d329590fa 100644
--- a/cmd/fpga.c
+++ b/cmd/fpga.c
@@ -335,6 +335,20 @@ static int do_fpga_loadmk(struct cmd_tbl *cmdtp, int flag, int argc,
 			return CMD_RET_FAILURE;
 		}
 
+		if (CONFIG_IS_ENABLED(FIT_SIGNATURE_STRICT)) {
+			/* validate required fit config entry */
+			noffset = fit_conf_get_node(fit_hdr, NULL);
+			if (noffset >= 0) {
+				if (fit_config_verify(fit_hdr, noffset)) {
+					puts("Cannot verify FIT config node\n");
+					return CMD_RET_FAILURE;
+				}
+			} else {
+				puts("FIT_SIGNATURE_STRICT requires a config node\n");
+				return CMD_RET_FAILURE;
+			}
+		}
+
 		/* get fpga component image node offset */
 		noffset = fit_image_get_node(fit_hdr, fit_uname);
 		if (noffset < 0) {
diff --git a/cmd/source.c b/cmd/source.c
index 81e015b64ef..b08406dfcbf 100644
--- a/cmd/source.c
+++ b/cmd/source.c
@@ -112,6 +112,20 @@ int image_source_script(ulong addr, const char *fit_uname)
 			return 1;
 		}
 
+		if (CONFIG_IS_ENABLED(FIT_SIGNATURE_STRICT)) {
+			/* validate required fit config entry */
+			noffset = fit_conf_get_node(fit_hdr, NULL);
+			if (noffset >= 0) {
+				if (fit_config_verify(fit_hdr, noffset)) {
+					puts("Cannot verify FIT config node\n");
+					return 1;
+				}
+			} else {
+				puts("FIT_SIGNATURE_STRICT requires a config node\n");
+				return 1;
+			}
+		}
+
 		if (!fit_uname)
 			fit_uname = get_default_image(fit_hdr);
 
diff --git a/cmd/ximg.c b/cmd/ximg.c
index 65ba41320a0..39fccd8179c 100644
--- a/cmd/ximg.c
+++ b/cmd/ximg.c
@@ -141,6 +141,20 @@ do_imgextract(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
 			return 1;
 		}
 
+		if (CONFIG_IS_ENABLED(FIT_SIGNATURE_STRICT)) {
+			/* validate required fit config entry */
+			noffset = fit_conf_get_node(fit_hdr, NULL);
+			if (noffset >= 0) {
+				if (fit_config_verify(fit_hdr, noffset)) {
+					puts("Cannot verify FIT config node\n");
+					return 1;
+				}
+			} else {
+				puts("FIT_SIGNATURE_STRICT requires a config node\n");
+				return 1;
+			}
+		}
+
 		/* get subimage node offset */
 		noffset = fit_image_get_node(fit_hdr, uname);
 		if (noffset < 0) {
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 6f95d009dfa..ca7d9a8d971 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -77,6 +77,10 @@ config FIT_SIGNATURE_MAX_SIZE
 	  device memory. Assure this size does not extend past expected storage
 	  space.
 
+config FIT_SIGNATURE_STRICT
+	bool "Requires a valid FIT configuration signature for every image"
+	select FIT_SIGNATURE
+
 config FIT_RSASSA_PSS
 	bool "Support rsassa-pss signature scheme of FIT image contents"
 	depends on FIT_SIGNATURE
-- 
2.31.1



More information about the U-Boot mailing list