Commit graph

13 commits

Author SHA1 Message Date
Simon Glass
195f7893da fit_check_sign: Update help to mention the key is in a dtb
The key is inside a dtb file, so tweak the help to make that clear.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:42 -07:00
Ilies CHERGUI
2b139b3992 tools/fit_check_sign.c: Update usage function.
Add "-c" option to set the configuration name when
checking the FIT image signature.

Signed-off-by: Ilies CHERGUI <ilies.chergui@gmail.com>
2021-02-01 16:32:06 -05:00
Simon Glass
c3aa81e35c fit_check_sign: Allow selecting the configuration to verify
This tool always verifies the default configuration. It is useful to be
able to verify a specific one. Add a command-line flag for this and plumb
the logic through.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Luca Boccassi
7d57485a8a tools: use read-only mmap in fit_check_sign
Add an option to open files in read-only mode in mmap_fdt so
that fit_check_sign can be used to inspect files on read-only
filesystems.
For example, this is useful when a key is shipped in a read-only
rootfs or squashfs.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
2019-05-18 12:32:02 -04:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Thomas Huth
310ae37edb Fix bad return value checks (detected with Coccinelle)
In the "Getting Started with Coccinelle - KVM edition" presentation that
has been held by Julia Lawall at the KVM forum 2015 (see the slides at
http://events.linuxfoundation.org/sites/events/files/slides/tutorial_kvm_0.pdf),
she pointed out some bad return value checks in U-Boot that can be
detected with Coccinelle by using the following config file:

@@
identifier x,y;
identifier f;
statement S;
@@
x = f(...);
(
 if (x < 0) S
|
 if (
-     y
+     x
 < 0) S
)

This patch now fixes these issues.

Signed-off-by: Thomas Huth <huth@tuxfamily.org>
2015-10-24 13:50:30 -04:00
Simon Glass
ce1400f694 Enhance fit_check_sign to check all images
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
2014-06-19 11:19:02 -04:00
Simon Glass
12df2abe3e Reverse the meaning of the fit_config_verify() return code
It is more common to have 0 mean OK, and -ve mean error. Change this
function to work the same way to avoid confusion.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-19 11:18:58 -04:00
Simon Glass
ba923cab00 tools: Check arguments in fit_check_sign/fit_info
These tools crash if no arguments are provided. Add checks to avoid this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de>
2014-06-19 11:18:57 -04:00
Simon Glass
a946811569 mkimage: Automatically make space in FDT when full
When adding hashes or signatures, the target FDT may be full. Detect this
and automatically try again after making 1KB of space.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-11 16:25:46 -04:00
Simon Glass
ef0af64b1c Improve error handling in fit_common
Make the error handling common, and make sure the file is always closed
on error. Rename the parameter to be more description and add comments.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-11 16:25:46 -04:00
Michael van der Westhuizen
64375014c4 Prevent a stack overflow in fit_check_sign
It is trivial to crash fit_check_sign by invoking with an
absolute path in a deeply nested directory.  This is exposed
by vboot_test.sh.

Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Acked-by: Simon Glass <sjg@chromium.org>
2014-06-05 14:44:56 -04:00
Heiko Schocher
29a23f9d6c tools, fit_check_sign: verify a signed fit image
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:40:38 -04:00