mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-10 07:04:28 +00:00
tools: mkimage: Show where signatures/keys are written
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.
Sample:
Signature written to 'sha1-basic/test.fit',
node '/configurations/conf-1/signature'
Public key written to 'sha1-basic/sandbox-u-boot.dtb',
node '/signature/key-dev'
Signed-off-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Simon Glass
parent
9737c2d1eb
commit
2d2384bbaf
7 changed files with 72 additions and 7 deletions
|
|
@ -1021,6 +1021,25 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
|
||||||
const char *comment, int require_keys,
|
const char *comment, int require_keys,
|
||||||
const char *engine_id, const char *cmdname);
|
const char *engine_id, const char *cmdname);
|
||||||
|
|
||||||
|
#define NODE_MAX_NAME_LEN 80
|
||||||
|
|
||||||
|
/**
|
||||||
|
* struct image_summary - Provides information about signing info added
|
||||||
|
*
|
||||||
|
* @sig_offset: Offset of the node in the blob devicetree where the signature
|
||||||
|
* was wriiten
|
||||||
|
* @sig_path: Path to @sig_offset
|
||||||
|
* @keydest_offset: Offset of the node in the keydest devicetree where the
|
||||||
|
* public key was written (-1 if none)
|
||||||
|
* @keydest_path: Path to @keydest_offset
|
||||||
|
*/
|
||||||
|
struct image_summary {
|
||||||
|
int sig_offset;
|
||||||
|
char sig_path[NODE_MAX_NAME_LEN];
|
||||||
|
int keydest_offset;
|
||||||
|
char keydest_path[NODE_MAX_NAME_LEN];
|
||||||
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* fit_add_verification_data() - add verification data to FIT image nodes
|
* fit_add_verification_data() - add verification data to FIT image nodes
|
||||||
*
|
*
|
||||||
|
|
@ -1032,6 +1051,7 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
|
||||||
* @engine_id: Engine to use for signing
|
* @engine_id: Engine to use for signing
|
||||||
* @cmdname: Command name used when reporting errors
|
* @cmdname: Command name used when reporting errors
|
||||||
* @algo_name: Algorithm name, or NULL if to be read from FIT
|
* @algo_name: Algorithm name, or NULL if to be read from FIT
|
||||||
|
* @summary: Returns information about what data was written
|
||||||
*
|
*
|
||||||
* Adds hash values for all component images in the FIT blob.
|
* Adds hash values for all component images in the FIT blob.
|
||||||
* Hashes are calculated for all component images which have hash subnodes
|
* Hashes are calculated for all component images which have hash subnodes
|
||||||
|
|
@ -1046,7 +1066,8 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
|
||||||
int fit_add_verification_data(const char *keydir, const char *keyfile,
|
int fit_add_verification_data(const char *keydir, const char *keyfile,
|
||||||
void *keydest, void *fit, const char *comment,
|
void *keydest, void *fit, const char *comment,
|
||||||
int require_keys, const char *engine_id,
|
int require_keys, const char *engine_id,
|
||||||
const char *cmdname, const char *algo_name);
|
const char *cmdname, const char *algo_name,
|
||||||
|
struct image_summary *summary);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* fit_image_verify_with_data() - Verify an image with given data
|
* fit_image_verify_with_data() - Verify an image with given data
|
||||||
|
|
|
||||||
|
|
@ -175,3 +175,16 @@ int copyfile(const char *src, const char *dst)
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void summary_show(struct image_summary *summary, const char *imagefile,
|
||||||
|
const char *keydest)
|
||||||
|
{
|
||||||
|
if (summary->sig_offset) {
|
||||||
|
printf("Signature written to '%s', node '%s'\n", imagefile,
|
||||||
|
summary->sig_path);
|
||||||
|
if (keydest) {
|
||||||
|
printf("Public key written to '%s', node '%s'\n",
|
||||||
|
keydest, summary->keydest_path);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -52,4 +52,14 @@ int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
|
||||||
*/
|
*/
|
||||||
int copyfile(const char *src, const char *dst);
|
int copyfile(const char *src, const char *dst);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* summary_show() - Show summary information about the signing process
|
||||||
|
*
|
||||||
|
* @summary: Summary info to show
|
||||||
|
* @imagefile: Filename of the output image
|
||||||
|
* @keydest: Filename where the key information is written (NULL if none)
|
||||||
|
*/
|
||||||
|
void summary_show(struct image_summary *summary, const char *imagefile,
|
||||||
|
const char *keydest);
|
||||||
|
|
||||||
#endif /* _FIT_COMMON_H_ */
|
#endif /* _FIT_COMMON_H_ */
|
||||||
|
|
|
||||||
|
|
@ -74,7 +74,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
|
||||||
params->require_keys,
|
params->require_keys,
|
||||||
params->engine_id,
|
params->engine_id,
|
||||||
params->cmdname,
|
params->cmdname,
|
||||||
params->algo_name);
|
params->algo_name,
|
||||||
|
¶ms->summary);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dest_blob) {
|
if (dest_blob) {
|
||||||
|
|
|
||||||
|
|
@ -1071,7 +1071,8 @@ static int fit_config_process_sig(const char *keydir, const char *keyfile,
|
||||||
static int fit_config_add_verification_data(const char *keydir,
|
static int fit_config_add_verification_data(const char *keydir,
|
||||||
const char *keyfile, void *keydest, void *fit, int conf_noffset,
|
const char *keyfile, void *keydest, void *fit, int conf_noffset,
|
||||||
const char *comment, int require_keys, const char *engine_id,
|
const char *comment, int require_keys, const char *engine_id,
|
||||||
const char *cmdname, const char *algo_name)
|
const char *cmdname, const char *algo_name,
|
||||||
|
struct image_summary *summary)
|
||||||
{
|
{
|
||||||
const char *conf_name;
|
const char *conf_name;
|
||||||
int noffset;
|
int noffset;
|
||||||
|
|
@ -1091,9 +1092,20 @@ static int fit_config_add_verification_data(const char *keydir,
|
||||||
ret = fit_config_process_sig(keydir, keyfile, keydest,
|
ret = fit_config_process_sig(keydir, keyfile, keydest,
|
||||||
fit, conf_name, conf_noffset, noffset, comment,
|
fit, conf_name, conf_noffset, noffset, comment,
|
||||||
require_keys, engine_id, cmdname, algo_name);
|
require_keys, engine_id, cmdname, algo_name);
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
summary->sig_offset = noffset;
|
||||||
|
fdt_get_path(fit, noffset, summary->sig_path,
|
||||||
|
sizeof(summary->sig_path));
|
||||||
|
|
||||||
|
if (keydest) {
|
||||||
|
summary->keydest_offset = ret;
|
||||||
|
fdt_get_path(keydest, ret,
|
||||||
|
summary->keydest_path,
|
||||||
|
sizeof(summary->keydest_path));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (ret < 0)
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -1137,7 +1149,8 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
|
||||||
int fit_add_verification_data(const char *keydir, const char *keyfile,
|
int fit_add_verification_data(const char *keydir, const char *keyfile,
|
||||||
void *keydest, void *fit, const char *comment,
|
void *keydest, void *fit, const char *comment,
|
||||||
int require_keys, const char *engine_id,
|
int require_keys, const char *engine_id,
|
||||||
const char *cmdname, const char *algo_name)
|
const char *cmdname, const char *algo_name,
|
||||||
|
struct image_summary *summary)
|
||||||
{
|
{
|
||||||
int images_noffset, confs_noffset;
|
int images_noffset, confs_noffset;
|
||||||
int noffset;
|
int noffset;
|
||||||
|
|
@ -1186,7 +1199,7 @@ int fit_add_verification_data(const char *keydir, const char *keyfile,
|
||||||
fit, noffset, comment,
|
fit, noffset, comment,
|
||||||
require_keys,
|
require_keys,
|
||||||
engine_id, cmdname,
|
engine_id, cmdname,
|
||||||
algo_name);
|
algo_name, summary);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,8 @@
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <u-boot/sha1.h>
|
#include <u-boot/sha1.h>
|
||||||
|
|
||||||
|
#include <image.h>
|
||||||
|
|
||||||
#include "fdt_host.h"
|
#include "fdt_host.h"
|
||||||
|
|
||||||
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
|
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
|
||||||
|
|
@ -84,6 +86,7 @@ struct image_tool_params {
|
||||||
int bl_len; /* Block length in byte for external data */
|
int bl_len; /* Block length in byte for external data */
|
||||||
const char *engine_id; /* Engine to use for signing */
|
const char *engine_id; /* Engine to use for signing */
|
||||||
bool reset_timestamp; /* Reset the timestamp on an existing image */
|
bool reset_timestamp; /* Reset the timestamp on an existing image */
|
||||||
|
struct image_summary summary; /* results of signing process */
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@
|
||||||
#include "imagetool.h"
|
#include "imagetool.h"
|
||||||
#include "mkimage.h"
|
#include "mkimage.h"
|
||||||
#include "imximage.h"
|
#include "imximage.h"
|
||||||
|
#include <fit_common.h>
|
||||||
#include <image.h>
|
#include <image.h>
|
||||||
#include <version.h>
|
#include <version.h>
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
|
|
@ -472,6 +473,9 @@ int main(int argc, char **argv)
|
||||||
|
|
||||||
(void) munmap((void *)ptr, sbuf.st_size);
|
(void) munmap((void *)ptr, sbuf.st_size);
|
||||||
(void) close (ifd);
|
(void) close (ifd);
|
||||||
|
if (!retval)
|
||||||
|
summary_show(¶ms.summary, params.imagefile,
|
||||||
|
params.keydest);
|
||||||
|
|
||||||
exit (retval);
|
exit (retval);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue