From: Philippe REYNES <philippe.reynes@softathome.com>
To: u-boot@lists.denx.de
Subject: [PATCH v2 12/14] image: Use constants for 'required' and 'key-name-hint'
Date: Wed, 18 Mar 2020 19:28:56 +0100 (CET) [thread overview]
Message-ID: <1598841500.1332003.1584556136491.JavaMail.zimbra@softathome.com> (raw)
In-Reply-To: <20200318174408.77473-13-sjg@chromium.org>
> Objet: [PATCH v2 12/14] image: Use constants for 'required' and 'key-name-hint'
> These are used in multiple places so update them to use a shared #define.
>
> Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>
> Changes in v2: None
>
> common/image-cipher.c | 2 +-
> common/image-fit.c | 6 +++---
> common/image-sig.c | 8 +++++---
> include/image.h | 4 +++-
> lib/rsa/rsa-sign.c | 6 +++---
> tools/image-host.c | 8 ++++----
> 6 files changed, 19 insertions(+), 15 deletions(-)
>
> diff --git a/common/image-cipher.c b/common/image-cipher.c
> index cee3b03ee5..f50c3d31bd 100644
> --- a/common/image-cipher.c
> +++ b/common/image-cipher.c
> @@ -88,7 +88,7 @@ static int fit_image_setup_decrypt(struct image_cipher_info
> *info,
> return -1;
> }
>
> - info->keyname = fdt_getprop(fit, cipher_noffset, "key-name-hint", NULL);
> + info->keyname = fdt_getprop(fit, cipher_noffset, FIT_KEY_HINT, NULL);
> if (!info->keyname) {
> printf("Can't get key name\n");
> return -1;
> diff --git a/common/image-fit.c b/common/image-fit.c
> index a5c85ede8d..c8ff77526c 100644
> --- a/common/image-fit.c
> +++ b/common/image-fit.c
> @@ -168,7 +168,7 @@ static void fit_image_print_data(const void *fit, int
> noffset, const char *p,
> int value_len;
> char *algo;
> const char *padding;
> - int required;
> + bool required;
> int ret, i;
>
> debug("%s %s node: '%s'\n", p, type,
> @@ -179,8 +179,8 @@ static void fit_image_print_data(const void *fit, int
> noffset, const char *p,
> return;
> }
> printf("%s", algo);
> - keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
> - required = fdt_getprop(fit, noffset, "required", NULL) != NULL;
> + keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
> + required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL;
> if (keyname)
> printf(":%s", keyname);
> if (required)
> diff --git a/common/image-sig.c b/common/image-sig.c
> index 03143a4040..6563effcf3 100644
> --- a/common/image-sig.c
> +++ b/common/image-sig.c
> @@ -229,7 +229,7 @@ static int fit_image_setup_verify(struct image_sign_info
> *info,
> padding_name = RSA_DEFAULT_PADDING_NAME;
>
> memset(info, '\0', sizeof(*info));
> - info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
> + info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
> info->fit = (void *)fit;
> info->node_offset = noffset;
> info->name = algo_name;
> @@ -340,7 +340,8 @@ int fit_image_verify_required_sigs(const void *fit, int
> image_noffset,
> const char *required;
> int ret;
>
> - required = fdt_getprop(sig_blob, noffset, "required", NULL);
> + required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
> + NULL);
> if (!required || strcmp(required, "image"))
> continue;
> ret = fit_image_verify_sig(fit, image_noffset, data, size,
> @@ -557,7 +558,8 @@ int fit_config_verify_required_sigs(const void *fit, int
> conf_noffset,
> const char *required;
> int ret;
>
> - required = fdt_getprop(sig_blob, noffset, "required", NULL);
> + required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
> + NULL);
> if (!required || strcmp(required, "conf"))
> continue;
> ret = fit_config_verify_sig(fit, conf_noffset, sig_blob,
> diff --git a/include/image.h b/include/image.h
> index 512243f159..3ffc0fdd68 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -939,12 +939,14 @@ int booti_setup(ulong image, ulong *relocated_addr, ulong
> *size,
> #define FIT_IMAGES_PATH "/images"
> #define FIT_CONFS_PATH "/configurations"
>
> -/* hash/signature node */
> +/* hash/signature/key node */
> #define FIT_HASH_NODENAME "hash"
> #define FIT_ALGO_PROP "algo"
> #define FIT_VALUE_PROP "value"
> #define FIT_IGNORE_PROP "uboot-ignore"
> #define FIT_SIG_NODENAME "signature"
> +#define FIT_KEY_REQUIRED "required"
> +#define FIT_KEY_HINT "key-name-hint"
>
> /* cipher node */
> #define FIT_CIPHER_NODENAME "cipher"
> diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
> index 6400ef63d6..580c744709 100644
> --- a/lib/rsa/rsa-sign.c
> +++ b/lib/rsa/rsa-sign.c
> @@ -792,8 +792,8 @@ int rsa_add_verify_data(struct image_sign_info *info, void
> *keydest)
> }
>
> if (!ret) {
> - ret = fdt_setprop_string(keydest, node, "key-name-hint",
> - info->keyname);
> + ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT,
> + info->keyname);
> }
> if (!ret)
> ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
> @@ -815,7 +815,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void
> *keydest)
> info->name);
> }
> if (!ret && info->require_keys) {
> - ret = fdt_setprop_string(keydest, node, "required",
> + ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED,
> info->require_keys);
> }
> done:
> diff --git a/tools/image-host.c b/tools/image-host.c
> index dfea48e894..4e57ddea96 100644
> --- a/tools/image-host.c
> +++ b/tools/image-host.c
> @@ -170,7 +170,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
>
> memset(info, '\0', sizeof(*info));
> info->keydir = keydir;
> - info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
> + info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
> info->fit = fit;
> info->node_offset = noffset;
> info->name = strdup(algo_name);
> @@ -249,7 +249,7 @@ static int fit_image_process_sig(const char *keydir, void
> *keydest,
> free(value);
>
> /* Get keyname again, as FDT has changed and invalidated our pointer */
> - info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
> + info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
>
> /*
> * Write the public key into the supplied FDT file; this might fail
> @@ -337,7 +337,7 @@ static int fit_image_setup_cipher(struct image_cipher_info
> *info,
> info->keydir = keydir;
>
> /* Read the key name */
> - info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
> + info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
> if (!info->keyname) {
> printf("Can't get key name for cipher '%s' in image '%s'\n",
> node_name, image_name);
> @@ -886,7 +886,7 @@ static int fit_config_process_sig(const char *keydir, void
> *keydest,
> free(region_prop);
>
> /* Get keyname again, as FDT has changed and invalidated our pointer */
> - info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
> + info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
>
> /* Write the public key into the supplied FDT file */
> if (keydest) {
> --
> 2.25.1.481.gfbce0eb801-goog
next prev parent reply other threads:[~2020-03-18 18:28 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-18 17:43 [PATCH v2 00/14] vboot: Fix forged-configuration vulnerability Simon Glass
2020-03-18 17:43 ` [PATCH v2 01/14] image: Correct comment for fit_conf_get_node() Simon Glass
2020-03-18 17:43 ` [PATCH v2 02/14] image: Be a little more verbose when checking signatures Simon Glass
2020-03-18 17:43 ` [PATCH v2 03/14] image: Return an error message from fit_config_verify_sig() Simon Glass
2020-03-18 17:43 ` [PATCH v2 04/14] test: vboot: Drop unnecessary parameter for fit_check_sign Simon Glass
2020-03-18 17:43 ` [PATCH v2 05/14] test: vboot: Add a test for a forged configuration Simon Glass
2020-03-18 17:44 ` [PATCH v2 06/14] test: vboot: Parameterise the test Simon Glass
2020-03-18 17:44 ` [PATCH v2 07/14] image: Check hash-nodes when checking configurations Simon Glass
2020-03-18 17:44 ` [PATCH v2 08/14] image: Load the correct configuration in fit_check_sign Simon Glass
2020-03-18 17:44 ` [PATCH v2 09/14] fit_check_sign: Allow selecting the configuration to verify Simon Glass
2020-03-18 17:44 ` [PATCH v2 10/14] test: vboot: Tidy up the code a little Simon Glass
2020-03-18 17:44 ` [PATCH v2 11/14] test: vboot: Fix pylint errors Simon Glass
2020-03-18 17:44 ` [PATCH v2 12/14] image: Use constants for 'required' and 'key-name-hint' Simon Glass
2020-03-18 18:28 ` Philippe REYNES [this message]
2020-03-18 17:44 ` [PATCH v2 13/14] test: vboot: Move key creation into a function Simon Glass
2020-03-18 17:44 ` [PATCH v2 14/14] test: vboot: Reduce fake kernel size to 500 bytes Simon Glass
2020-03-30 23:11 ` [PATCH v2 00/14] vboot: Fix forged-configuration vulnerability Simon Glass
2020-03-31 13:26 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1598841500.1332003.1584556136491.JavaMail.zimbra@softathome.com \
--to=philippe.reynes@softathome.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox