summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Glass <sjg@chromium.org>2014-06-12 07:24:53 -0600
committerTom Rini <trini@ti.com>2014-06-19 11:19:02 -0400
commitce1400f6949bbfec01fe381a844b14844cb3be12 (patch)
tree4bba7f30fed605271e25492b687e7633eb15bbb0
parent2b164f1cea69c7c583a26502d2a68d1c62eb0b5a (diff)
downloadu-boot-imx-ce1400f6949bbfec01fe381a844b14844cb3be12.zip
u-boot-imx-ce1400f6949bbfec01fe381a844b14844cb3be12.tar.gz
u-boot-imx-ce1400f6949bbfec01fe381a844b14844cb3be12.tar.bz2
Enhance fit_check_sign to check all images
At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1)
-rw-r--r--common/bootm.c71
-rw-r--r--common/image-fit.c3
-rw-r--r--doc/uImage.FIT/signature.txt3
-rw-r--r--include/bootm.h2
-rw-r--r--include/image.h5
-rw-r--r--tools/fit_check_sign.c7
-rw-r--r--tools/image-host.c12
7 files changed, 96 insertions, 7 deletions
diff --git a/common/bootm.c b/common/bootm.c
index d93d3f3..7ec2ed8 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -244,6 +244,7 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc,
return 0;
}
+#endif /* USE_HOSTCC */
/**
* decomp_image() - decompress the operating system
@@ -353,6 +354,7 @@ static int decomp_image(int comp, ulong load, ulong image_start, int type,
return 0;
}
+#ifndef USE_HOSTCC
static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
int boot_progress)
{
@@ -838,5 +840,74 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc,
return buf;
}
+#else /* USE_HOSTCC */
+
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz)
+{
+ memmove(to, from, len);
+}
+
+static int bootm_host_load_image(const void *fit, int req_image_type)
+{
+ const char *fit_uname_config = NULL;
+ ulong data, len;
+ bootm_headers_t images;
+ int noffset;
+ ulong load_end;
+ uint8_t image_type;
+ uint8_t imape_comp;
+ void *load_buf;
+ int ret;
+
+ memset(&images, '\0', sizeof(images));
+ images.verify = 1;
+ noffset = fit_image_load(&images, (ulong)fit,
+ NULL, &fit_uname_config,
+ IH_ARCH_DEFAULT, req_image_type, -1,
+ FIT_LOAD_IGNORED, &data, &len);
+ if (noffset < 0)
+ return noffset;
+ if (fit_image_get_type(fit, noffset, &image_type)) {
+ puts("Can't get image type!\n");
+ return -EINVAL;
+ }
+
+ if (fit_image_get_comp(fit, noffset, &imape_comp)) {
+ puts("Can't get image compression!\n");
+ return -EINVAL;
+ }
+
+ /* Allow the image to expand by a factor of 4, should be safe */
+ load_buf = malloc((1 << 20) + len * 4);
+ ret = decomp_image(imape_comp, 0, data, image_type, load_buf,
+ (void *)data, len, &load_end);
+ free(load_buf);
+ if (ret && ret != BOOTM_ERR_UNIMPLEMENTED)
+ return ret;
+
+ return 0;
+}
+
+int bootm_host_load_images(const void *fit, int cfg_noffset)
+{
+ static uint8_t image_types[] = {
+ IH_TYPE_KERNEL,
+ IH_TYPE_FLATDT,
+ IH_TYPE_RAMDISK,
+ };
+ int err = 0;
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(image_types); i++) {
+ int ret;
+
+ ret = bootm_host_load_image(fit, image_types[i]);
+ if (!err && ret && ret != -ENOENT)
+ err = ret;
+ }
+
+ /* Return the first error we found */
+ return err;
+}
#endif /* ndef USE_HOSTCC */
diff --git a/common/image-fit.c b/common/image-fit.c
index 83fac9a..3311343 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1591,12 +1591,13 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
}
bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
+#ifndef USE_HOSTCC
if (!fit_image_check_target_arch(fit, noffset)) {
puts("Unsupported Architecture\n");
bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
return -ENOEXEC;
}
-
+#endif
if (image_type == IH_TYPE_FLATDT &&
!fit_image_check_comp(fit, noffset, IH_COMP_NONE)) {
puts("FDT image is compressed");
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index 672dc35..a6ab543 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -361,6 +361,7 @@ Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
+Signature check OK
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
@@ -374,12 +375,14 @@ Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
+Signature check OK
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
Test passed
+
Future Work
-----------
- Roll-back protection using a TPM is done using the tpm command. This can
diff --git a/include/bootm.h b/include/bootm.h
index 0a3ec56..4a308d8 100644
--- a/include/bootm.h
+++ b/include/bootm.h
@@ -41,6 +41,8 @@ void lynxkdi_boot(image_header_t *hdr);
boot_os_fn *bootm_os_get_boot_func(int os);
+int bootm_host_load_images(const void *fit, int cfg_noffset);
+
int boot_selected_os(int argc, char * const argv[], int state,
bootm_headers_t *images, boot_os_fn *boot_fn);
diff --git a/include/image.h b/include/image.h
index ae767f0..ab93eb6 100644
--- a/include/image.h
+++ b/include/image.h
@@ -425,6 +425,7 @@ ulong genimg_get_image(ulong img_addr);
int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
uint8_t arch, ulong *rd_start, ulong *rd_end);
+#endif
/**
* fit_image_load() - load an image from a FIT
@@ -454,12 +455,14 @@ int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
* @param load_op Decribes what to do with the load address
* @param datap Returns address of loaded image
* @param lenp Returns length of loaded image
+ * @return node offset of image, or -ve error code on error
*/
int fit_image_load(bootm_headers_t *images, ulong addr,
const char **fit_unamep, const char **fit_uname_configp,
int arch, int image_type, int bootstage_id,
enum fit_load_op load_op, ulong *datap, ulong *lenp);
+#ifndef USE_HOSTCC
/**
* fit_get_node_from_config() - Look up an image a FIT by type
*
@@ -604,8 +607,8 @@ int image_check_dcrc(const image_header_t *hdr);
ulong getenv_bootm_low(void);
phys_size_t getenv_bootm_size(void);
phys_size_t getenv_bootm_mapsize(void);
-void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
#endif
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
static inline int image_check_magic(const image_header_t *hdr)
{
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 768be2f..69e99c0 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -80,10 +80,13 @@ int main(int argc, char **argv)
image_set_host_blob(key_blob);
ret = fit_check_sign(fit_blob, key_blob);
- if (!ret)
+ if (!ret) {
ret = EXIT_SUCCESS;
- else
+ fprintf(stderr, "Signature check OK\n");
+ } else {
ret = EXIT_FAILURE;
+ fprintf(stderr, "Signature check Bad (error %d)\n", ret);
+ }
(void) munmap((void *)fit_blob, fsbuf.st_size);
(void) munmap((void *)key_blob, ksbuf.st_size);
diff --git a/tools/image-host.c b/tools/image-host.c
index faeef66..0eff720 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -10,6 +10,7 @@
*/
#include "mkimage.h"
+#include <bootm.h>
#include <image.h>
#include <version.h>
@@ -707,16 +708,21 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
}
#ifdef CONFIG_FIT_SIGNATURE
-int fit_check_sign(const void *working_fdt, const void *key)
+int fit_check_sign(const void *fit, const void *key)
{
int cfg_noffset;
int ret;
- cfg_noffset = fit_conf_get_node(working_fdt, NULL);
+ cfg_noffset = fit_conf_get_node(fit, NULL);
if (!cfg_noffset)
return -1;
- ret = fit_config_verify(working_fdt, cfg_noffset);
+ printf("Verifying Hash Integrity ... ");
+ ret = fit_config_verify(fit, cfg_noffset);
+ if (ret)
+ return ret;
+ ret = bootm_host_load_images(fit, cfg_noffset);
+
return ret;
}
#endif