Enhance fit_check_sign to check all images

At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)

2 files changed, 14 insertions, 5 deletions

diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 768be2f..69e99c0 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -80,10 +80,13 @@ int main(int argc, char **argv)
 
 	image_set_host_blob(key_blob);
 	ret = fit_check_sign(fit_blob, key_blob);
-	if (!ret)
+	if (!ret) {
 		ret = EXIT_SUCCESS;
-	else
+		fprintf(stderr, "Signature check OK\n");
+	} else {
 		ret = EXIT_FAILURE;
+		fprintf(stderr, "Signature check Bad (error %d)\n", ret);
+	}
 
 	(void) munmap((void *)fit_blob, fsbuf.st_size);
 	(void) munmap((void *)key_blob, ksbuf.st_size);
diff --git a/tools/image-host.c b/tools/image-host.c
index faeef66..0eff720 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -10,6 +10,7 @@
  */
 
 #include "mkimage.h"
+#include <bootm.h>
 #include <image.h>
 #include <version.h>
 
@@ -707,16 +708,21 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
 }
 
 #ifdef CONFIG_FIT_SIGNATURE
-int fit_check_sign(const void *working_fdt, const void *key)
+int fit_check_sign(const void *fit, const void *key)
 {
 	int cfg_noffset;
 	int ret;
 
-	cfg_noffset = fit_conf_get_node(working_fdt, NULL);
+	cfg_noffset = fit_conf_get_node(fit, NULL);
 	if (!cfg_noffset)
 		return -1;
 
-	ret = fit_config_verify(working_fdt, cfg_noffset);
+	printf("Verifying Hash Integrity ... ");
+	ret = fit_config_verify(fit, cfg_noffset);
+	if (ret)
+		return ret;
+	ret = bootm_host_load_images(fit, cfg_noffset);
+
 	return ret;
 }
 #endif