diff options
Diffstat (limited to 'tools')
-rw-r--r-- | tools/.gitignore | 2 | ||||
-rw-r--r-- | tools/Makefile | 16 | ||||
-rw-r--r-- | tools/env/Makefile | 2 | ||||
-rw-r--r-- | tools/env/fw_env.c | 129 | ||||
-rw-r--r-- | tools/env/fw_env_main.c | 17 | ||||
-rw-r--r-- | tools/fdt_host.h | 2 | ||||
-rw-r--r-- | tools/fdtdec.c | 1 | ||||
-rw-r--r-- | tools/fit_check_sign.c | 85 | ||||
-rw-r--r-- | tools/fit_common.c | 86 | ||||
-rw-r--r-- | tools/fit_common.h | 22 | ||||
-rw-r--r-- | tools/fit_image.c | 62 | ||||
-rw-r--r-- | tools/fit_info.c | 96 | ||||
-rw-r--r-- | tools/image-host.c | 17 | ||||
-rw-r--r-- | tools/rsa-checksum.c | 1 | ||||
-rw-r--r-- | tools/rsa-verify.c | 1 | ||||
-rw-r--r-- | tools/sha256.c | 1 |
16 files changed, 471 insertions, 69 deletions
diff --git a/tools/.gitignore b/tools/.gitignore index 2a90dfe..b1e997f 100644 --- a/tools/.gitignore +++ b/tools/.gitignore @@ -1,5 +1,7 @@ /bmp_logo /envcrc +/fit_check_sign +/fit_info /gen_eth_addr /img2srec /kwboot diff --git a/tools/Makefile b/tools/Makefile index 097cc1d..c5c378c 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -40,7 +40,6 @@ CONFIG_BUILD_ENVCRC ?= $(ENVCRC-y) # TODO: CONFIG_CMD_LICENSE does not work hostprogs-$(CONFIG_CMD_LICENSE) += bin2header$(SFX) - hostprogs-$(CONFIG_LCD_LOGO) += bmp_logo$(SFX) hostprogs-$(CONFIG_VIDEO_LOGO) += bmp_logo$(SFX) HOSTCFLAGS_bmp_logo$(SFX).o := -pedantic @@ -61,17 +60,22 @@ hostprogs-y += mkenvimage$(SFX) mkenvimage$(SFX)-objs := crc32.o mkenvimage.o os_support.o hostprogs-y += dumpimage$(SFX) mkimage$(SFX) +ifdef CONFIG_FIT_SIGNATURE +hostprogs-y += fit_info$(SFX) fit_check_sign$(SFX) +endif FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := image-sig.o # Flattened device tree objects LIBFDT_OBJS := fdt.o fdt_ro.o fdt_rw.o fdt_strerror.o fdt_wip.o -RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := rsa-sign.o +RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := rsa-sign.o rsa-verify.o rsa-checksum.o # common objs for dumpimage and mkimage dumpimage-mkimage-objs := aisimage.o \ $(FIT_SIG_OBJS-y) \ crc32.o \ default_image.o \ + fdtdec.o \ + fit_common.o \ fit_image.o \ image-fit.o \ image-host.o \ @@ -85,12 +89,15 @@ dumpimage-mkimage-objs := aisimage.o \ os_support.o \ pblimage.o \ sha1.o \ + sha256.o \ ublimage.o \ $(LIBFDT_OBJS) \ $(RSA_OBJS-y) dumpimage$(SFX)-objs := $(dumpimage-mkimage-objs) dumpimage.o mkimage$(SFX)-objs := $(dumpimage-mkimage-objs) mkimage.o +fit_info$(SFX)-objs := $(dumpimage-mkimage-objs) fit_info.o +fit_check_sign$(SFX)-objs := $(dumpimage-mkimage-objs) fit_check_sign.o # TODO(sjg@chromium.org): Is this correct on Mac OS? @@ -98,6 +105,8 @@ mkimage$(SFX)-objs := $(dumpimage-mkimage-objs) mkimage.o ifneq ($(CONFIG_MX23)$(CONFIG_MX28),) HOSTLOADLIBES_dumpimage$(SFX) := -lssl -lcrypto HOSTLOADLIBES_mkimage$(SFX) := -lssl -lcrypto +HOSTLOADLIBES_fit_info$(SFX) := -lssl -lcrypto +HOSTLOADLIBES_fit_check_sign$(SFX) := -lssl -lcrypto # Add CONFIG_MXS into host CFLAGS, so we can check whether or not register # the mxsimage support within tools/mxsimage.c . HOSTCFLAGS_mxsimage.o += -DCONFIG_MXS @@ -106,6 +115,8 @@ endif ifdef CONFIG_FIT_SIGNATURE HOSTLOADLIBES_dumpimage$(SFX) := -lssl -lcrypto HOSTLOADLIBES_mkimage$(SFX) := -lssl -lcrypto +HOSTLOADLIBES_fit_info$(SFX) := -lssl -lcrypto +HOSTLOADLIBES_fit_check_sign$(SFX) := -lssl -lcrypto # This affects include/image.h, but including the board config file # is tricky, so manually define this options here. @@ -137,6 +148,7 @@ hostprogs-$(CONFIG_STATIC_RELA) += relocate-rela$(SFX) HOSTCFLAGS_crc32.o := -pedantic HOSTCFLAGS_md5.o := -pedantic HOSTCFLAGS_sha1.o := -pedantic +HOSTCFLAGS_sha256.o := -pedantic # Don't build by default #hostprogs-$(CONFIG_PPC) += mpc86x_clk$(SFX) diff --git a/tools/env/Makefile b/tools/env/Makefile index fcb752d..f5368bc 100644 --- a/tools/env/Makefile +++ b/tools/env/Makefile @@ -25,7 +25,7 @@ hostprogs-y := fw_printenv_unstripped fw_printenv_unstripped-objs := fw_env.o fw_env_main.o \ crc32.o ctype.o linux_string.o \ - env_attr.o env_flags.o + env_attr.o env_flags.o aes.o quiet_cmd_strip = STRIP $@ cmd_strip = $(STRIP) -o $@ $< diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c index d228cc3..fba4c8c 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c @@ -31,6 +31,10 @@ #include "fw_env.h" +#include <aes.h> + +#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) + #define WHITESPACE(c) ((c == '\t') || (c == ' ')) #define min(x, y) ({ \ @@ -98,6 +102,11 @@ static struct environment environment = { .flag_scheme = FLAG_NONE, }; +/* Is AES encryption used? */ +static int aes_flag; +static uint8_t aes_key[AES_KEY_LENGTH] = { 0 }; +static int env_aes_cbc_crypt(char *data, const int enc); + static int HaveRedundEnv = 0; static unsigned char active_flag = 1; @@ -120,6 +129,10 @@ static inline ulong getenvsize (void) if (HaveRedundEnv) rc -= sizeof (char); + + if (aes_flag) + rc &= ~(AES_KEY_LENGTH - 1); + return rc; } @@ -191,6 +204,36 @@ char *fw_getdefenv(char *name) return NULL; } +static int parse_aes_key(char *key) +{ + char tmp[5] = { '0', 'x', 0, 0, 0 }; + unsigned long ul; + int i; + + if (strnlen(key, 64) != 32) { + fprintf(stderr, + "## Error: '-a' option requires 16-byte AES key\n"); + return -1; + } + + for (i = 0; i < 16; i++) { + tmp[2] = key[0]; + tmp[3] = key[1]; + errno = 0; + ul = strtoul(tmp, NULL, 16); + if (errno) { + fprintf(stderr, + "## Error: '-a' option requires valid AES key\n"); + return -1; + } + aes_key[i] = ul & 0xff; + key += 2; + } + aes_flag = 1; + + return 0; +} + /* * Print the current definition of one, or more, or all * environment variables @@ -201,6 +244,19 @@ int fw_printenv (int argc, char *argv[]) int i, n_flag; int rc = 0; + if (argc >= 2 && strcmp(argv[1], "-a") == 0) { + if (argc < 3) { + fprintf(stderr, + "## Error: '-a' option requires AES key\n"); + return -1; + } + rc = parse_aes_key(argv[2]); + if (rc) + return rc; + argv += 2; + argc -= 2; + } + if (fw_env_open()) return -1; @@ -266,6 +322,16 @@ int fw_printenv (int argc, char *argv[]) int fw_env_close(void) { + int ret; + if (aes_flag) { + ret = env_aes_cbc_crypt(environment.data, 1); + if (ret) { + fprintf(stderr, + "Error: can't encrypt env for flash\n"); + return ret; + } + } + /* * Update CRC */ @@ -413,7 +479,7 @@ int fw_env_write(char *name, char *value) */ int fw_setenv(int argc, char *argv[]) { - int i; + int i, rc; size_t len; char *name; char *value = NULL; @@ -423,6 +489,24 @@ int fw_setenv(int argc, char *argv[]) return -1; } + if (strcmp(argv[1], "-a") == 0) { + if (argc < 3) { + fprintf(stderr, + "## Error: '-a' option requires AES key\n"); + return -1; + } + rc = parse_aes_key(argv[2]); + if (rc) + return rc; + argv += 2; + argc -= 2; + } + + if (argc < 2) { + errno = EINVAL; + return -1; + } + if (fw_env_open()) { fprintf(stderr, "Error: environment not initialized\n"); return -1; @@ -900,6 +984,28 @@ static int flash_flag_obsolete (int dev, int fd, off_t offset) return rc; } +/* Encrypt or decrypt the environment before writing or reading it. */ +static int env_aes_cbc_crypt(char *payload, const int enc) +{ + uint8_t *data = (uint8_t *)payload; + const int len = getenvsize(); + uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; + uint32_t aes_blocks; + + /* First we expand the key. */ + aes_expand_key(aes_key, key_exp); + + /* Calculate the number of AES blocks to encrypt. */ + aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH); + + if (enc) + aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks); + else + aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks); + + return 0; +} + static int flash_write (int fd_current, int fd_target, int dev_target) { int rc; @@ -923,6 +1029,7 @@ static int flash_write (int fd_current, int fd_target, int dev_target) fprintf(stderr, "Writing new environment at 0x%lx on %s\n", DEVOFFSET (dev_target), DEVNAME (dev_target)); #endif + rc = flash_write_buf(dev_target, fd_target, environment.image, CUR_ENVSIZE, DEVOFFSET(dev_target), DEVTYPE(dev_target)); @@ -981,8 +1088,10 @@ static int flash_read (int fd) rc = flash_read_buf(dev_current, fd, environment.image, CUR_ENVSIZE, DEVOFFSET (dev_current), mtdinfo.type); + if (rc != CUR_ENVSIZE) + return -1; - return (rc != CUR_ENVSIZE) ? -1 : 0; + return 0; } static int flash_io (int mode) @@ -1075,6 +1184,8 @@ int fw_env_open(void) unsigned char flag1; void *addr1; + int ret; + struct env_image_single *single; struct env_image_redundant *redundant; @@ -1109,6 +1220,13 @@ int fw_env_open(void) return -1; crc0 = crc32 (0, (uint8_t *) environment.data, ENV_SIZE); + + if (aes_flag) { + ret = env_aes_cbc_crypt(environment.data, 0); + if (ret) + return ret; + } + crc0_ok = (crc0 == *environment.crc); if (!HaveRedundEnv) { if (!crc0_ok) { @@ -1159,6 +1277,13 @@ int fw_env_open(void) } crc1 = crc32 (0, (uint8_t *) redundant->data, ENV_SIZE); + + if (aes_flag) { + ret = env_aes_cbc_crypt(redundant->data, 0); + if (ret) + return ret; + } + crc1_ok = (crc1 == redundant->crc); flag1 = redundant->flags; diff --git a/tools/env/fw_env_main.c b/tools/env/fw_env_main.c index 2b85d78..ce50d58 100644 --- a/tools/env/fw_env_main.c +++ b/tools/env/fw_env_main.c @@ -9,18 +9,22 @@ * Command line user interface to firmware (=U-Boot) environment. * * Implements: - * fw_printenv [[ -n name ] | [ name ... ]] + * fw_printenv [ -a key ] [[ -n name ] | [ name ... ]] * - prints the value of a single environment variable * "name", the ``name=value'' pairs of one or more * environment variables "name", or the whole * environment if no names are specified. - * fw_setenv name [ value ... ] + * fw_setenv [ -a key ] name [ value ... ] * - If a name without any values is given, the variable * with this name is deleted from the environment; * otherwise, all "value" arguments are concatenated, * separated by single blank characters, and the * resulting string is assigned to the environment * variable "name" + * + * If '-a key' is specified, the env block is encrypted with AES 128 CBC. + * The 'key' argument is in the format of 32 hexadecimal numbers (16 bytes + * of AES key), eg. '-a aabbccddeeff00112233445566778899'. */ #include <fcntl.h> @@ -46,8 +50,8 @@ void usage(void) fprintf(stderr, "fw_printenv/fw_setenv, " "a command line interface to U-Boot environment\n\n" - "usage:\tfw_printenv [-n] [variable name]\n" - "\tfw_setenv [variable name] [variable value]\n" + "usage:\tfw_printenv [-a key] [-n] [variable name]\n" + "\tfw_setenv [-a key] [variable name] [variable value]\n" "\tfw_setenv -s [ file ]\n" "\tfw_setenv -s - < [ file ]\n\n" "The file passed as argument contains only pairs " @@ -94,9 +98,12 @@ int main(int argc, char *argv[]) cmdname = p + 1; } - while ((c = getopt_long (argc, argv, "ns:h", + while ((c = getopt_long (argc, argv, "a:ns:h", long_options, NULL)) != EOF) { switch (c) { + case 'a': + /* AES key, handled later */ + break; case 'n': /* handled in fw_printenv */ break; diff --git a/tools/fdt_host.h b/tools/fdt_host.h index c2b23c6..134d965 100644 --- a/tools/fdt_host.h +++ b/tools/fdt_host.h @@ -11,4 +11,6 @@ #include "../include/libfdt.h" #include "../include/fdt_support.h" +int fit_check_sign(const void *working_fdt, const void *key); + #endif /* __FDT_HOST_H__ */ diff --git a/tools/fdtdec.c b/tools/fdtdec.c new file mode 100644 index 0000000..f1c2256 --- /dev/null +++ b/tools/fdtdec.c @@ -0,0 +1 @@ +#include "../lib/fdtdec.c" diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c new file mode 100644 index 0000000..d6d9340 --- /dev/null +++ b/tools/fit_check_sign.c @@ -0,0 +1,85 @@ +/* + * (C) Copyright 2014 + * DENX Software Engineering + * Heiko Schocher <hs@denx.de> + * + * Based on: + * (C) Copyright 2008 Semihalf + * + * (C) Copyright 2000-2004 + * DENX Software Engineering + * Wolfgang Denk, wd@denx.de + * + * Updated-by: Prafulla Wadaskar <prafulla@marvell.com> + * FIT image specific code abstracted from mkimage.c + * some functions added to address abstraction + * + * All rights reserved. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include "mkimage.h" +#include "fit_common.h" +#include <image.h> +#include <u-boot/crc.h> + +void usage(char *cmdname) +{ + fprintf(stderr, "Usage: %s -f fit file -k key file\n" + " -f ==> set fit file which should be checked'\n" + " -k ==> set key file which contains the key'\n", + cmdname); + exit(EXIT_FAILURE); +} + +int main(int argc, char **argv) +{ + int ffd = -1; + int kfd = -1; + struct stat fsbuf; + struct stat ksbuf; + void *fit_blob; + char *fdtfile = NULL; + char *keyfile = NULL; + char cmdname[50]; + int ret; + void *key_blob; + int c; + + strcpy(cmdname, *argv); + while ((c = getopt(argc, argv, "f:k:")) != -1) + switch (c) { + case 'f': + fdtfile = optarg; + break; + case 'k': + keyfile = optarg; + break; + default: + usage(cmdname); + break; + } + + ffd = mmap_fdt(cmdname, fdtfile, &fit_blob, &fsbuf, 0); + if (ffd < 0) + return EXIT_FAILURE; + kfd = mmap_fdt(cmdname, keyfile, &key_blob, &ksbuf, 0); + if (ffd < 0) + return EXIT_FAILURE; + + image_set_host_blob(key_blob); + ret = fit_check_sign(fit_blob, key_blob); + + if (ret) + ret = EXIT_SUCCESS; + else + ret = EXIT_FAILURE; + + (void) munmap((void *)fit_blob, fsbuf.st_size); + (void) munmap((void *)key_blob, ksbuf.st_size); + + close(ffd); + close(kfd); + exit(ret); +} diff --git a/tools/fit_common.c b/tools/fit_common.c new file mode 100644 index 0000000..ee1767b --- /dev/null +++ b/tools/fit_common.c @@ -0,0 +1,86 @@ +/* + * (C) Copyright 2014 + * DENX Software Engineering + * Heiko Schocher <hs@denx.de> + * + * (C) Copyright 2008 Semihalf + * + * (C) Copyright 2000-2004 + * DENX Software Engineering + * Wolfgang Denk, wd@denx.de + * + * Updated-by: Prafulla Wadaskar <prafulla@marvell.com> + * FIT image specific code abstracted from mkimage.c + * some functions added to address abstraction + * + * All rights reserved. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include "imagetool.h" +#include "mkimage.h" +#include "fit_common.h" +#include <image.h> +#include <u-boot/crc.h> + +int fit_verify_header(unsigned char *ptr, int image_size, + struct image_tool_params *params) +{ + return fdt_check_header(ptr); +} + +int fit_check_image_types(uint8_t type) +{ + if (type == IH_TYPE_FLATDT) + return EXIT_SUCCESS; + else + return EXIT_FAILURE; +} + +int mmap_fdt(char *cmdname, const char *fname, void **blobp, + struct stat *sbuf, int useunlink) +{ + void *ptr; + int fd; + + /* Load FIT blob into memory (we need to write hashes/signatures) */ + fd = open(fname, O_RDWR | O_BINARY); + + if (fd < 0) { + fprintf(stderr, "%s: Can't open %s: %s\n", + cmdname, fname, strerror(errno)); + if (useunlink) + unlink(fname); + return -1; + } + + if (fstat(fd, sbuf) < 0) { + fprintf(stderr, "%s: Can't stat %s: %s\n", + cmdname, fname, strerror(errno)); + if (useunlink) + unlink(fname); + return -1; + } + + errno = 0; + ptr = mmap(0, sbuf->st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); + if ((ptr == MAP_FAILED) || (errno != 0)) { + fprintf(stderr, "%s: Can't read %s: %s\n", + cmdname, fname, strerror(errno)); + if (useunlink) + unlink(fname); + return -1; + } + + /* check if ptr has a valid blob */ + if (fdt_check_header(ptr)) { + fprintf(stderr, "%s: Invalid FIT blob\n", cmdname); + if (useunlink) + unlink(fname); + return -1; + } + + *blobp = ptr; + return fd; +} diff --git a/tools/fit_common.h b/tools/fit_common.h new file mode 100644 index 0000000..adf4404 --- /dev/null +++ b/tools/fit_common.h @@ -0,0 +1,22 @@ +/* + * (C) Copyright 2014 + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef _FIT_COMMON_H_ +#define _FIT_COMMON_H_ + +#include "imagetool.h" +#include "mkimage.h" +#include <image.h> + +int fit_verify_header(unsigned char *ptr, int image_size, + struct image_tool_params *params); + +int fit_check_image_types(uint8_t type); + +int mmap_fdt(char *cmdname, const char *fname, void **blobp, + struct stat *sbuf, int useunlink); + +#endif /* _FIT_COMMON_H_ */ diff --git a/tools/fit_image.c b/tools/fit_image.c index 1466164..eeee484 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -15,68 +15,13 @@ */ #include "imagetool.h" +#include "fit_common.h" #include "mkimage.h" #include <image.h> #include <u-boot/crc.h> static image_header_t header; -static int fit_verify_header (unsigned char *ptr, int image_size, - struct image_tool_params *params) -{ - return fdt_check_header(ptr); -} - -static int fit_check_image_types (uint8_t type) -{ - if (type == IH_TYPE_FLATDT) - return EXIT_SUCCESS; - else - return EXIT_FAILURE; -} - -int mmap_fdt(struct image_tool_params *params, const char *fname, void **blobp, - struct stat *sbuf) -{ - void *ptr; - int fd; - - /* Load FIT blob into memory (we need to write hashes/signatures) */ - fd = open(fname, O_RDWR | O_BINARY); - - if (fd < 0) { - fprintf(stderr, "%s: Can't open %s: %s\n", - params->cmdname, fname, strerror(errno)); - unlink(fname); - return -1; - } - - if (fstat(fd, sbuf) < 0) { - fprintf(stderr, "%s: Can't stat %s: %s\n", - params->cmdname, fname, strerror(errno)); - unlink(fname); - return -1; - } - - ptr = mmap(0, sbuf->st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); - if (ptr == MAP_FAILED) { - fprintf(stderr, "%s: Can't read %s: %s\n", - params->cmdname, fname, strerror(errno)); - unlink(fname); - return -1; - } - - /* check if ptr has a valid blob */ - if (fdt_check_header(ptr)) { - fprintf(stderr, "%s: Invalid FIT blob\n", params->cmdname); - unlink(fname); - return -1; - } - - *blobp = ptr; - return fd; -} - /** * fit_handle_file - main FIT file processing function * @@ -129,13 +74,14 @@ static int fit_handle_file(struct image_tool_params *params) } if (params->keydest) { - destfd = mmap_fdt(params, params->keydest, &dest_blob, &sbuf); + destfd = mmap_fdt(params->cmdname, params->keydest, + &dest_blob, &sbuf, 1); if (destfd < 0) goto err_keydest; destfd_size = sbuf.st_size; } - tfd = mmap_fdt(params, tmpfile, &ptr, &sbuf); + tfd = mmap_fdt(params->cmdname, tmpfile, &ptr, &sbuf, 1); if (tfd < 0) goto err_mmap; diff --git a/tools/fit_info.c b/tools/fit_info.c new file mode 100644 index 0000000..50f3c8e --- /dev/null +++ b/tools/fit_info.c @@ -0,0 +1,96 @@ +/* + * (C) Copyright 2014 + * DENX Software Engineering + * Heiko Schocher <hs@denx.de> + * + * fit_info: print the offset and the len of a property from + * node in a fit file. + * + * Based on: + * (C) Copyright 2008 Semihalf + * + * (C) Copyright 2000-2004 + * DENX Software Engineering + * Wolfgang Denk, wd@denx.de + * + * Updated-by: Prafulla Wadaskar <prafulla@marvell.com> + * FIT image specific code abstracted from mkimage.c + * some functions added to address abstraction + * + * All rights reserved. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include "mkimage.h" +#include "fit_common.h" +#include <image.h> +#include <u-boot/crc.h> + +void usage(char *cmdname) +{ + fprintf(stderr, "Usage: %s -f fit file -n node -p property\n" + " -f ==> set fit file which is used'\n" + " -n ==> set node name'\n" + " -p ==> set property name'\n", + cmdname); + exit(EXIT_FAILURE); +} + +int main(int argc, char **argv) +{ + int ffd = -1; + struct stat fsbuf; + void *fit_blob; + int len; + int nodeoffset; /* node offset from libfdt */ + const void *nodep; /* property node pointer */ + char *fdtfile = NULL; + char *nodename = NULL; + char *propertyname = NULL; + char cmdname[50]; + int c; + + strcpy(cmdname, *argv); + while ((c = getopt(argc, argv, "f:n:p:")) != -1) + switch (c) { + case 'f': + fdtfile = optarg; + break; + case 'n': + nodename = optarg; + break; + case 'p': + propertyname = optarg; + break; + default: + usage(cmdname); + break; + } + + ffd = mmap_fdt(cmdname, fdtfile, &fit_blob, &fsbuf, 0); + + if (ffd < 0) { + printf("Could not open %s\n", fdtfile); + exit(EXIT_FAILURE); + } + + nodeoffset = fdt_path_offset(fit_blob, nodename); + if (nodeoffset < 0) { + printf("%s not found.", nodename); + exit(EXIT_FAILURE); + } + nodep = fdt_getprop(fit_blob, nodeoffset, propertyname, &len); + if (len == 0) { + printf("len == 0 %s\n", propertyname); + exit(EXIT_FAILURE); + } + + printf("NAME: %s\n", fit_get_name(fit_blob, nodeoffset, NULL)); + printf("LEN: %d\n", len); + printf("OFF: %d\n", (int)(nodep - fit_blob)); + (void) munmap((void *)fit_blob, fsbuf.st_size); + + close(ffd); + exit(EXIT_SUCCESS); +} diff --git a/tools/image-host.c b/tools/image-host.c index 0d5c88c..651f1c2 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -403,7 +403,7 @@ static int fit_config_get_hash_list(void *fit, int conf_noffset, goto err_mem; /* Get a list of images that we intend to sign */ - prop = fit_config_get_image_list(fit, conf_noffset, &len, + prop = fit_config_get_image_list(fit, sig_offset, &len, &allow_missing); if (!prop) return 0; @@ -695,3 +695,18 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, return 0; } + +#ifdef CONFIG_FIT_SIGNATURE +int fit_check_sign(const void *working_fdt, const void *key) +{ + int cfg_noffset; + int ret; + + cfg_noffset = fit_conf_get_node(working_fdt, NULL); + if (!cfg_noffset) + return -1; + + ret = fit_config_verify(working_fdt, cfg_noffset); + return ret; +} +#endif diff --git a/tools/rsa-checksum.c b/tools/rsa-checksum.c new file mode 100644 index 0000000..09033e6 --- /dev/null +++ b/tools/rsa-checksum.c @@ -0,0 +1 @@ +#include "../lib/rsa/rsa-checksum.c" diff --git a/tools/rsa-verify.c b/tools/rsa-verify.c new file mode 100644 index 0000000..bb662a1 --- /dev/null +++ b/tools/rsa-verify.c @@ -0,0 +1 @@ +#include "../lib/rsa/rsa-verify.c" diff --git a/tools/sha256.c b/tools/sha256.c new file mode 100644 index 0000000..8ca931f --- /dev/null +++ b/tools/sha256.c @@ -0,0 +1 @@ +#include "../lib/sha256.c" |