[PATCH v6 15/16] cmd: verify: initial import
Philippe REYNES
philippe.reynes at softathome.com
Thu Mar 10 17:53:04 CET 2022
Hi Simon,
Le 03/03/2022 à 04:37, Simon Glass a écrit :
> Hi Philippe,
>
> On Fri, 25 Feb 2022 at 07:58, Philippe Reynes
> <philippe.reynes at softathome.com> wrote:
>> Add the command verify that check the signature of
>> an image with the pre-load header. If the check
>> succeed, the u-boot env variable 'loadaddr_verified'
>> is set to the address of the image (without the header).
>>
>> It allows to run such commands:
>> tftp script.img && verify $loadaddr && source $loadaddr_verified
>>
>> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
>> ---
>> cmd/Kconfig | 7 +++++++
>> cmd/Makefile | 1 +
>> cmd/verify.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
>> 3 files changed, 61 insertions(+)
>> create mode 100644 cmd/verify.c
>>
> Using the 'verify' command seems a bit vague. Could it be a
> sub-command of bootm perhaps?
The command verify may be used with any binary (script, video firmware,
.....).
So a lot of binaries that are not launched by bootm.
I think that it is not "logic" to used a bootm subcommand.
But we could use another name if you want.
For example : pre_load_verify ?
>> diff --git a/cmd/Kconfig b/cmd/Kconfig
>> index 87aa3fb11a..0460d5c3a0 100644
>> --- a/cmd/Kconfig
>> +++ b/cmd/Kconfig
>> @@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD
>> There is no documentation about this within the U-Boot source code
>> but you should be able to find something on the interwebs.
>>
>> +config CMD_VERIFY
>> + bool "verify the global signature"
>> + depends on CMD_BOOTM_PRE_LOAD
>> + help
>> + Verify the signature provided in a pre-load header of
>> + a full image.
> Please point to docs here
>
>> +
>> config CMD_ZBOOT
>> bool "zboot - x86 boot command"
>> help
>> diff --git a/cmd/Makefile b/cmd/Makefile
>> index 166c652d98..80e054e806 100644
>> --- a/cmd/Makefile
>> +++ b/cmd/Makefile
>> @@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o
>> obj-$(CONFIG_CMD_XIMG) += ximg.o
>> obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o
>> obj-$(CONFIG_CMD_SPL) += spl.o
>> +obj-$(CONFIG_CMD_VERIFY) += verify.o
>> obj-$(CONFIG_CMD_W1) += w1.o
>> obj-$(CONFIG_CMD_ZIP) += zip.o
>> obj-$(CONFIG_CMD_ZFS) += zfs.o
>> diff --git a/cmd/verify.c b/cmd/verify.c
>> new file mode 100644
>> index 0000000000..4d055e0790
>> --- /dev/null
>> +++ b/cmd/verify.c
>> @@ -0,0 +1,53 @@
>> +// SPDX-License-Identifier: GPL-2.0+
>> +/*
>> + * Copyright (C) 2022 Philippe Reynes <philippe.reynes at softathome.com>
>> + */
>> +
>> +#include <common.h>
>> +#include <env.h>
>> +#include <image.h>
>> +#include <mapmem.h>
>> +
>> +static ulong verify_get_addr(int argc, char *const argv[])
>> +{
>> + ulong addr;
>> +
>> + if (argc > 0)
>> + addr = simple_strtoul(argv[0], NULL, 16);
> hextoul
>
>> + else
>> + addr = image_load_addr;
>> +
>> + return addr;
>> +}
>> +
>> +static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc,
>> + char *const argv[])
>> +{
>> + ulong addr = verify_get_addr(argc, argv);
>> + int ret = 0;
>> +
>> + argc--; argv++;
>> +
>> + addr = verify_get_addr(argc, argv);
>> +
>> + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) {
>> + ret = image_pre_load(addr);
>> +
>> + if (ret) {
>> + ret = CMD_RET_FAILURE;
>> + goto out;
>> + }
>> +
>> + env_set_hex("loadaddr_verified", addr + image_load_offset);
>> + }
>> +
>> + out:
>> + return ret;
>> +}
>> +
>> +U_BOOT_CMD(verify, 2, 1, do_verify,
>> + "verify the global signature provided in the pre-load header,\n"
>> + "\tif the check succeed, the u-boot env variable loadaddr_verified\n"
>> + "\tis set to the address of the image (without the header)",
>> + "<image addr>"
>> +);
>> --
>> 2.17.1
>>
> Regards,
> Simon
Regards,
Philippe
More information about the U-Boot
mailing list