diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2016-05-10 16:02:09 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2016-05-10 16:02:13 +0200 |
commit | 6922e0f005eeb655e7830e2718960c63c1ddf6fd (patch) | |
tree | 4117d21dfb30579ddeb20f99f775f2ef8120b7a5 /common | |
parent | b9b0fd6c75147b71db28752c4262a82609f82e9a (diff) | |
download | barebox-6922e0f005eeb655e7830e2718960c63c1ddf6fd.tar.gz barebox-6922e0f005eeb655e7830e2718960c63c1ddf6fd.tar.xz |
bootm: Add verify mode "available"
The verify "available" mode checks whatever is available in the
booted image, so when an image has a signature, it is checked and
must be correct and when an image is hashed, it is also checked
for correctness.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'common')
-rw-r--r-- | common/bootm.c | 1 | ||||
-rw-r--r-- | common/image-fit.c | 64 |
2 files changed, 46 insertions, 19 deletions
diff --git a/common/bootm.c b/common/bootm.c index 53edc7162b..bf1b3441c3 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -74,6 +74,7 @@ static const char * const bootm_verify_names[] = { #ifndef CONFIG_BOOTM_FORCE_SIGNED_IMAGES [BOOTM_VERIFY_NONE] = "none", [BOOTM_VERIFY_HASH] = "hash", + [BOOTM_VERIFY_AVAILABLE] = "available", #endif [BOOTM_VERIFY_SIGNATURE] = "signature", }; diff --git a/common/image-fit.c b/common/image-fit.c index ceb55c2606..9b6c40fbf8 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -428,7 +428,10 @@ static int fit_open_image(struct fit_handle *handle, const char *unit, const voi } if (handle->verify > BOOTM_VERIFY_NONE) { - ret = -EINVAL; + if (handle->verify == BOOTM_VERIFY_AVAILABLE) + ret = 0; + else + ret = -EINVAL; for_each_child_of_node(image, hash) { if (handle->verbose) of_print_nodes(hash, 0); @@ -449,9 +452,46 @@ static int fit_open_image(struct fit_handle *handle, const char *unit, const voi return 0; } +static int fit_config_verify_signature(struct fit_handle *handle, struct device_node *conf_node) +{ + struct device_node *sig_node; + int ret = -EINVAL; + + if (!IS_ENABLED(CONFIG_FITIMAGE_SIGNATURE)) + return 0; + + switch (handle->verify) { + case BOOTM_VERIFY_NONE: + case BOOTM_VERIFY_HASH: + return 0; + case BOOTM_VERIFY_SIGNATURE: + ret = -EINVAL; + break; + case BOOTM_VERIFY_AVAILABLE: + ret = 0; + break; + } + + for_each_child_of_node(conf_node, sig_node) { + if (handle->verbose) + of_print_nodes(sig_node, 0); + ret = fit_verify_signature(sig_node, handle->fit); + if (ret < 0) + return ret; + } + + if (ret < 0) { + pr_err("configuration '%s' does not have a signature\n", + conf_node->full_name); + return ret; + } + + return ret; +} + static int fit_open_configuration(struct fit_handle *handle, const char *name) { - struct device_node *conf_node = NULL, *sig_node; + struct device_node *conf_node = NULL; const char *unit, *desc = "(no description)"; int ret; @@ -474,23 +514,9 @@ static int fit_open_configuration(struct fit_handle *handle, const char *name) of_property_read_string(conf_node, "description", &desc); pr_info("configuration '%s': %s\n", unit, desc); - if (IS_ENABLED(CONFIG_FITIMAGE_SIGNATURE) && - handle->verify == BOOTM_VERIFY_SIGNATURE) { - ret = -EINVAL; - for_each_child_of_node(conf_node, sig_node) { - if (handle->verbose) - of_print_nodes(sig_node, 0); - ret = fit_verify_signature(sig_node, handle->fit); - if (ret < 0) - return ret; - } - - if (ret < 0) { - pr_err("configuration '%s': %s does not have a signature\n", - unit, desc); - return ret; - } - } + ret = fit_config_verify_signature(handle, conf_node); + if (ret) + return ret; if (of_property_read_string(conf_node, "kernel", &unit) == 0) { ret = fit_open_image(handle, unit, &handle->kernel, &handle->kernel_size); |