At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
This can be obtained by looking up the image type, so is redundant. It is
better to centralise this lookup to avoid errors.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is more common to have 0 mean OK, and -ve mean error. Change this
function to work the same way to avoid confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
When writing values into an FDT it is possible that there will be
insufficient space. If the caller gets a useful error then it can
potentially deal with the situation.
Adjust these functions to return -ENOSPC when the FDT is full.
Signed-off-by: Simon Glass <sjg@chromium.org>
There is a strange comment in fit_image_load().
This function can be used for loading Kernel Image, FDT
as well as ramdisk.
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Cc: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Becuase fdt_check_header function takes (const void *)
type argument, the argument should be passed to it
without being casted to (char *).
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
The timestamp is shown in fit_print_contents() but for some reason not
in fit_image_print(). This seems to be an oversight, since it is the latter
which is used by bootm.
Add timestamp printing in this case.
(There is code duplication in these two function, for looking at in a future
patch).
Signed-off-by: Simon Glass <sjg@chromium.org>
If a specific configuraion is selected by the bootm command, e.g. with
'bootm 84000000#recoveryconf' we must honour this for not just the kernel,
but also the ramdisk and FDT.
In the conversion to using a common fit_image_load() function for loading
images from FITs (commits a51ec63 and 53f375f) this feature was lost.
Reinstate it by passing the selected configuration back from
fit_image_load() to boot_get_kernel(), then use this configuration
(which is stored in images->fit_uname_cfg) in both boot_get_ramdisk()
and boot_get_fdt().
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Signed-off-by: Simon Glass <sjg@chromium.org>
This error may not be defined on some platforms such as MacOS so host
compilation will fail. Use one of the more common errors instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Andreas Bießmann <andreas.devel@googlemail.com>
Tested-by: Lubomir Popov <lpopov@mm-sol.com>
Use map_sysmem() to convert from address to pointer, so that sandbox can
print FIT information without crashing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use the new common code to load a flat device tree. Also fix up a few casts
so that this code works with sandbox. Other than that the functionality
should not change.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present code to load an image from a FIT is duplicated in the three
places where it is needed (kernel, fdt, ramdisk).
The differences between these different code copies is fairly minor.
Create a new function in the fit code which can handle any of the
requirements of those cases.
Signed-off-by: Simon Glass <sjg@chromium.org>
This code is very large, and in SPL it isn't always useful to print
out image information (in fact there might not even be a console
active). So disable this feature unless this option is set.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function will be used to print signatures as well as hashes, so rename
it. Also make it static since it is not used outside this file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
The string " error\n" appears in each error string. Move it out to a
common place.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
The existing function is long and most of the code is indented a long
way. Before adding yet more code, split this out into its own function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
This is the main entry point to the FIT image verification code. We will
be using it to handle image verification with signatures, so rename the
function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
This code is never compiled into U-Boot, so move it into a separate
file in tools/ to avoid the large #ifdef.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
The FIT code is about half the size of the >3000-line image.c. Split this
code into its own file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>