From: Quentin Schulz
Date: Tue, 17 Apr 2018 14:06:48 +0200
Subject: [U-Boot] [PATCH] fit: skip signature verification if board request
In-Reply-To: <1523459585-7594-1-git-send-email-jun.nie@linaro.org>
References: <1523459585-7594-1-git-send-email-jun.nie@linaro.org>
Message-ID: <20180417120648.hxyolrhkq4vqr2kj@qschulz>
To: u-boot@lists.denx.de

Hi,

On Wed, Apr 11, 2018 at 11:13:05PM +0800, Jun Nie wrote:
> It may be unnecessary to check signature on unlocked board.
> Get the hint from platform specific code to support secure boot
> and non-secure boot with the same binary, so that boot is not
> blocked if board is not locked and has no key for signature
> verification.
>

Isn't it what the environment variable `verify` is made for? i.e. setting verify=no will skip checks and boot an image even though it isn't signed or hash/signature does not match.

I may be missing some context here, so please ignore if it's not what you're after.

BTW, I saw that you were speaking of reading the lock fuse to decide whether to check the signature or not. I'd like to have at least a bypass option for this as it would be horribly tedious for debugging/development purposes. E.g. I want to be able to boot from an unverified U-Boot binary a signed (and checked) fitImage so that I can validate everything works as it should before locking down the bootloader.

Regards,
Quentin

> Signed-off-by: Jun Nie
> --- > common/image-sig.c | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > > diff --git a/common/image-sig.c b/common/image-sig.c > index d9f712f..f3d1252 100644 > --- a/common/image-sig.c > +++ b/common/image-sig.c
> @@ -151,6 +151,11 @@ struct image_region *fit_region_make_list(const void *fit, > return region; > } > > +int __attribute__((weak)) fit_board_skip_sig_verification(void) > +{ > + return 0; > +} > + > static int fit_image_setup_verify(struct image_sign_info *info, > const void *fit, int noffset, int required_keynode, > char **err_msgp) > @@ -188,6 +193,12 @@ int fit_image_check_sig(const void *fit, int noffset, const void *data, > uint8_t *fit_value; > int fit_value_len; > > + /* Skip verification if board says that */ > + if (fit_board_skip_sig_verification()) { > + printf("signature check skipped\n"); > + return 0; > + } > + > *err_msgp = NULL; > if (fit_image_setup_verify(&info, fit, noffset, required_keynode, > err_msgp)) > @@ -438,6 +449,12 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset, > int noffset; > int sig_node; > > + /* Skip verification if board says that */ > + if (fit_board_skip_sig_verification()) { > + printf("signature check skipped\n"); > + return 0; > + } > + > /* Work out what we need to verify */ > sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME); > if (sig_node < 0) { > -- > 2.7.4
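
Review bot: In the first hunk (@@ -151), the weak default fit_board_skip_sig_verification() has no prototype and no documentation: the diffstat shows only common/image-sig.c changing, so a board file that overrides it has nothing to include and nothing stating what a non-zero return means or when the hook may be called. Please declare it in a header with a comment describing the contract (non-zero disables all FIT signature checks), and consider compiling the hook in only behind an explicit config option so that a build meant for locked boards cannot pick up an override by accident.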
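
Review bot: In the second hunk (fit_image_check_sig, @@ -188), the early "return 0;" sits before "*err_msgp = NULL;", so on the skip path the caller's error-message pointer is never initialised, and the 0 result is indistinguishable from a signature that actually verified. Move the check below the "*err_msgp = NULL;" line, and make the skipped case visible to the caller or at least to the log (for example, name the image node and say that the board hook requested the skip) so a skipped check is not reported as a passed one.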
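
Review bot: In the third hunk (fit_config_verify_required_sigs, @@ -449), returning 0 before the FIT_SIG_NODENAME lookup means the required-key policy in sig_blob is never consulted once the board hook returns non-zero, and the function reports success for a configuration that was not checked. The block is also a verbatim copy of the one in fit_image_check_sig, with the same "signature check skipped\n" text, so the log cannot tell which check was bypassed. Factor the test into one helper, give each call site a distinct message, and document in the commit message that the hook's return value is the only thing standing between an unsigned image and boot, so board implementations must derive it from state that cannot be changed at run time.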