FIT: add ability to check hashes of all images in FIT, improve output

- add function fit_all_image_check_hashes() that verifies if all hashes of all images in the FIT are valid - improve output of fit_image_check_hashes() when the hash check fails Signed-off-by: Bartlomiej Sieka <tur@semihalf.com>
2024-11-25 14:10:43 +00:00 · 2008-09-09 12:58:15 +02:00 · 2008-09-09 12:58:15 +02:00 · 919f550dc1
commit 919f550dc1
parent 1de1fa4089
2 changed files with 57 additions and 5 deletions
--- a/common/image.c
+++ b/common/image.c
@ -2645,27 +2645,29 @@ int fit_image_check_hashes (const void *fit, int image_noffset)
 				continue;

 			if (fit_image_hash_get_algo (fit, noffset, &algo)) {
-				err_msg = "Can't get hash algo property";
+				err_msg = " error!\nCan't get hash algo "
+						"property";
 				goto error;
 			}
 			printf ("%s", algo);

 			if (fit_image_hash_get_value (fit, noffset, &fit_value,
 							&fit_value_len)) {
-				err_msg = "Can't get hash value property";
+				err_msg = " error!\nCan't get hash value "
+						"property";
 				goto error;
 			}

 			if (calculate_hash (data, size, algo, value, &value_len)) {
-				err_msg = "Unsupported hash algorithm";
+				err_msg = " error!\nUnsupported hash algorithm";
 				goto error;
 			}

 			if (value_len != fit_value_len) {
-				err_msg = "Bad hash value len";
+				err_msg = " error !\nBad hash value len";
 				goto error;
 			} else if (memcmp (value, fit_value, value_len) != 0) {
-				err_msg = "Bad hash value";
+				err_msg = " error!\nBad hash value";
 				goto error;
 			}
 			printf ("+ ");
@ -2681,6 +2683,55 @@ error:
 	return 0;
 }

+/**
+ * fit_all_image_check_hashes - verify data intergity for all images
+ * @fit: pointer to the FIT format image header
+ *
+ * fit_all_image_check_hashes() goes over all images in the FIT and
+ * for every images checks if all it's hashes are valid.
+ *
+ * returns:
+ *     1, if all hashes of all images are valid
+ *     0, otherwise (or on error)
+ */
+int fit_all_image_check_hashes (const void *fit)
+{
+	int images_noffset;
+	int noffset;
+	int ndepth;
+	int count;
+
+	/* Find images parent node offset */
+	images_noffset = fdt_path_offset (fit, FIT_IMAGES_PATH);
+	if (images_noffset < 0) {
+		printf ("Can't find images parent node '%s' (%s)\n",
+			FIT_IMAGES_PATH, fdt_strerror (images_noffset));
+		return 0;
+	}
+
+	/* Process all image subnodes, check hashes for each */
+	printf ("## Checking hash(es) for FIT Image at %08lx ...\n",
+		(ulong)fit);
+	for (ndepth = 0, count = 0,
+		noffset = fdt_next_node (fit, images_noffset, &ndepth);
+		(noffset >= 0) && (ndepth > 0);
+		noffset = fdt_next_node (fit, noffset, &ndepth)) {
+		if (ndepth == 1) {
+			/*
+			 * Direct child node of the images parent node,
+			 * i.e. component image node.
+			 */
+			printf ("   Hash(es) for Image %u (%s): ", count++,
+					fit_get_name (fit, noffset, NULL));
+
+			if (!fit_image_check_hashes (fit, noffset))
+				return 0;
+			printf ("\n");
+		}
+	}
+	return 1;
+}
+
 /**
 * fit_image_check_os - check whether image node is of a given os type
 * @fit: pointer to the FIT format image header
--- a/include/image.h
+++ b/include/image.h
@ -574,6 +574,7 @@ int fit_image_hash_set_value (void *fit, int noffset, uint8_t *value,
 				int value_len);

 int fit_image_check_hashes (const void *fit, int noffset);
+int fit_all_image_check_hashes (const void *fit);
 int fit_image_check_os (const void *fit, int noffset, uint8_t os);
 int fit_image_check_arch (const void *fit, int noffset, uint8_t arch);
 int fit_image_check_type (const void *fit, int noffset, uint8_t type);