summaryrefslogtreecommitdiffstats
path: root/common
diff options
context:
space:
mode:
authorSascha Hauer <s.hauer@pengutronix.de>2016-05-10 16:02:09 +0200
committerSascha Hauer <s.hauer@pengutronix.de>2016-05-10 16:02:13 +0200
commit6922e0f005eeb655e7830e2718960c63c1ddf6fd (patch)
tree4117d21dfb30579ddeb20f99f775f2ef8120b7a5 /common
parentb9b0fd6c75147b71db28752c4262a82609f82e9a (diff)
downloadbarebox-6922e0f005eeb655e7830e2718960c63c1ddf6fd.tar.gz
barebox-6922e0f005eeb655e7830e2718960c63c1ddf6fd.tar.xz
bootm: Add verify mode "available"
The verify "available" mode checks whatever is available in the booted image, so when an image has a signature, it is checked and must be correct and when an image is hashed, it is also checked for correctness. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'common')
-rw-r--r--common/bootm.c1
-rw-r--r--common/image-fit.c64
2 files changed, 46 insertions, 19 deletions
diff --git a/common/bootm.c b/common/bootm.c
index 53edc7162b..bf1b3441c3 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -74,6 +74,7 @@ static const char * const bootm_verify_names[] = {
#ifndef CONFIG_BOOTM_FORCE_SIGNED_IMAGES
[BOOTM_VERIFY_NONE] = "none",
[BOOTM_VERIFY_HASH] = "hash",
+ [BOOTM_VERIFY_AVAILABLE] = "available",
#endif
[BOOTM_VERIFY_SIGNATURE] = "signature",
};
diff --git a/common/image-fit.c b/common/image-fit.c
index ceb55c2606..9b6c40fbf8 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -428,7 +428,10 @@ static int fit_open_image(struct fit_handle *handle, const char *unit, const voi
}
if (handle->verify > BOOTM_VERIFY_NONE) {
- ret = -EINVAL;
+ if (handle->verify == BOOTM_VERIFY_AVAILABLE)
+ ret = 0;
+ else
+ ret = -EINVAL;
for_each_child_of_node(image, hash) {
if (handle->verbose)
of_print_nodes(hash, 0);
@@ -449,9 +452,46 @@ static int fit_open_image(struct fit_handle *handle, const char *unit, const voi
return 0;
}
+static int fit_config_verify_signature(struct fit_handle *handle, struct device_node *conf_node)
+{
+ struct device_node *sig_node;
+ int ret = -EINVAL;
+
+ if (!IS_ENABLED(CONFIG_FITIMAGE_SIGNATURE))
+ return 0;
+
+ switch (handle->verify) {
+ case BOOTM_VERIFY_NONE:
+ case BOOTM_VERIFY_HASH:
+ return 0;
+ case BOOTM_VERIFY_SIGNATURE:
+ ret = -EINVAL;
+ break;
+ case BOOTM_VERIFY_AVAILABLE:
+ ret = 0;
+ break;
+ }
+
+ for_each_child_of_node(conf_node, sig_node) {
+ if (handle->verbose)
+ of_print_nodes(sig_node, 0);
+ ret = fit_verify_signature(sig_node, handle->fit);
+ if (ret < 0)
+ return ret;
+ }
+
+ if (ret < 0) {
+ pr_err("configuration '%s' does not have a signature\n",
+ conf_node->full_name);
+ return ret;
+ }
+
+ return ret;
+}
+
static int fit_open_configuration(struct fit_handle *handle, const char *name)
{
- struct device_node *conf_node = NULL, *sig_node;
+ struct device_node *conf_node = NULL;
const char *unit, *desc = "(no description)";
int ret;
@@ -474,23 +514,9 @@ static int fit_open_configuration(struct fit_handle *handle, const char *name)
of_property_read_string(conf_node, "description", &desc);
pr_info("configuration '%s': %s\n", unit, desc);
- if (IS_ENABLED(CONFIG_FITIMAGE_SIGNATURE) &&
- handle->verify == BOOTM_VERIFY_SIGNATURE) {
- ret = -EINVAL;
- for_each_child_of_node(conf_node, sig_node) {
- if (handle->verbose)
- of_print_nodes(sig_node, 0);
- ret = fit_verify_signature(sig_node, handle->fit);
- if (ret < 0)
- return ret;
- }
-
- if (ret < 0) {
- pr_err("configuration '%s': %s does not have a signature\n",
- unit, desc);
- return ret;
- }
- }
+ ret = fit_config_verify_signature(handle, conf_node);
+ if (ret)
+ return ret;
if (of_property_read_string(conf_node, "kernel", &unit) == 0) {
ret = fit_open_image(handle, unit, &handle->kernel, &handle->kernel_size);