[U-Boot] [PATCH] cmd: image_info: Add checking of default FIT config

[U-Boot] [PATCH] cmd: image_info: Add checking of default FIT config

[Bryan O'Donoghue]

This patch adds a check for the default FIT config to iminfo. Once applied
any signing of the config will show a pass fail similar to rsa+/rsa-.

Output looks like this:

   Hash(es) for Image 0 (kernel at 1): sha1+
   Hash(es) for Image 1 (fdt at imx7s-warp.dtb): sha1+
   Hash(es) for Image 2 (ramdisk at 1): sha1+
   Hash(es) for Image 3 (bootscr): sha1+
   Hash for default configuration: sha1,rsa2048:mbl-fit-rot-key+

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Jun Nie <jun.nie@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 cmd/bootm.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/cmd/bootm.c b/cmd/bootm.c
index c3a063474a..b3bd236165 100644
--- a/cmd/bootm.c
+++ b/cmd/bootm.c
@@ -244,6 +244,9 @@ static int do_iminfo(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 
 static int image_info(ulong addr)
 {
+#if defined(CONFIG_FIT)
+	int cfg_noffset;
+#endif
 	void *hdr = (void *)addr;
 
 	printf("\n## Checking Image at %08lx ...\n", addr);
@@ -294,6 +297,20 @@ static int image_info(ulong addr)
 			return 1;
 		}
 
+		cfg_noffset = fit_conf_get_node(hdr, NULL);
+		if (!cfg_noffset) {
+			printf("Could not find configuration node: %s\n",
+			       fdt_strerror(cfg_noffset));
+			return 1;
+		}
+
+		puts("   Hash for default configuration: ");
+		if (fit_config_verify(hdr, cfg_noffset)) {
+			puts("Unable to verify default fit config\n");
+			return 1;
+		}
+		puts("\n");
+
 		return 0;
 #endif
 	default:
-- 
2.20.1

[U-Boot] cmd: image_info: Add checking of default FIT config

[Tom Rini]

On Fri, Jan 18, 2019 at 05:17:35PM +0000, Bryan O'Donoghue wrote:

> This patch adds a check for the default FIT config to iminfo. Once applied
> any signing of the config will show a pass fail similar to rsa+/rsa-.
> 
> Output looks like this:
> 
>    Hash(es) for Image 0 (kernel at 1): sha1+
>    Hash(es) for Image 1 (fdt at imx7s-warp.dtb): sha1+
>    Hash(es) for Image 2 (ramdisk at 1): sha1+
>    Hash(es) for Image 3 (bootscr): sha1+
>    Hash for default configuration: sha1,rsa2048:mbl-fit-rot-key+
> 
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
> Cc: Jun Nie <jun.nie@linaro.org>
> Cc: Simon Glass <sjg@chromium.org>
> Cc: Tom Rini <trini@konsulko.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

This breaks a huge number of platforms building with one example being
nanopi_neo2.  Please test and fix (and possibly throw at travis-ci as
it's on many many platforms), thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190208/9e023b7d/attachment.sig>

[U-Boot] [PATCH] cmd: image_info: Add checking of default FIT config

[Simon Glass]

On Tue, 18 Dec 2018 at 07:46, Bryan O'Donoghue
<bryan.odonoghue@linaro.org> wrote:
>
> This patch adds a check for the default FIT config to iminfo. Once applied
> any signing of the config will show a pass fail similar to rsa+/rsa-.
>
> Output looks like this:
>
>    Hash(es) for Image 0 (kernel at 1): sha1+
>    Hash(es) for Image 1 (fdt at imx7s-warp.dtb): sha1+
>    Hash(es) for Image 2 (ramdisk at 1): sha1+
>    Hash(es) for Image 3 (bootscr): sha1+
>    Hash for default configuration: sha1,rsa2048:mbl-fit-rot-key+
>
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
> Cc: Jun Nie <jun.nie@linaro.org>
> Cc: Simon Glass <sjg@chromium.org>
> Cc: Tom Rini <trini@konsulko.com>
> ---
>  cmd/bootm.c | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)

Reviewed-by: Simon Glass <sjg@chromium.org>

[U-Boot] [PATCH] cmd: image_info: Add checking of default FIT config

[Bryan O'Donoghue]

This patch adds a check for the default FIT config to iminfo. Once applied
any signing of the config will show a pass fail similar to rsa+/rsa-.

Output looks like this:

   Hash(es) for Image 0 (kernel at 1): sha1+
   Hash(es) for Image 1 (fdt at imx7s-warp.dtb): sha1+
   Hash(es) for Image 2 (ramdisk at 1): sha1+
   Hash(es) for Image 3 (bootscr): sha1+
   Hash for default configuration: sha1,rsa2048:mbl-fit-rot-key+

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Jun Nie <jun.nie@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
---
 cmd/bootm.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/cmd/bootm.c b/cmd/bootm.c
index c3a063474a..b3bd236165 100644
--- a/cmd/bootm.c
+++ b/cmd/bootm.c
@@ -244,6 +244,9 @@ static int do_iminfo(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 
 static int image_info(ulong addr)
 {
+#if defined(CONFIG_FIT)
+	int cfg_noffset;
+#endif
 	void *hdr = (void *)addr;
 
 	printf("\n## Checking Image at %08lx ...\n", addr);
@@ -294,6 +297,20 @@ static int image_info(ulong addr)
 			return 1;
 		}
 
+		cfg_noffset = fit_conf_get_node(hdr, NULL);
+		if (!cfg_noffset) {
+			printf("Could not find configuration node: %s\n",
+			       fdt_strerror(cfg_noffset));
+			return 1;
+		}
+
+		puts("   Hash for default configuration: ");
+		if (fit_config_verify(hdr, cfg_noffset)) {
+			puts("Unable to verify default fit config\n");
+			return 1;
+		}
+		puts("\n");
+
 		return 0;
 #endif
 	default:
-- 
2.20.0