From: Anatolij Gustschin <agust@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 3/5] x86: baytrail: secureboot: Add functions for verification of u-boot
Date: Fri, 12 May 2017 10:56:06 +0200 [thread overview]
Message-ID: <20170512105606.50f233b2@crub> (raw)
In-Reply-To: <20170512102550.1aa42156@ipc1.ka-ro>
Hi,
On Fri, 12 May 2017 10:25:50 +0200
Lothar Waßmann LW at KARO-electronics.de wrote:
...
> > +static bool verify_oem_sha256(unsigned int hash_id,
> > + void *start_address,
> > + size_t size)
> > +{
> > + uint8_t value[SHA256_SUM_LEN];
> >
> 'unsigned char' here ...
>
> > + int value_len;
> > +
> > + /* calculate address of hash to compare in the oemdata block*/
> > + void *hash_to_verify = (void *)SB_MANIFEST_OEM_HASH_BASE +
> > + (SHA256_SUM_LEN * hash_id);
> > +#ifdef DEBUG
> > + unsigned int i = 0;
> > + uint8_t oem_value[SHA256_SUM_LEN];
> > +
> > + memcpy(oem_value, hash_to_verify, SHA256_SUM_LEN);
> > + printf("SB: Hash to verify:\t");
> > + for (i = 0; i < SHA256_SUM_LEN; i++)
> > + printf("%X", oem_value[i]);
> > + printf("\n");
> > +#endif
> > +
> > + /* caluclate the hash of the binary */
> > + calculate_hash(start_address, size, "sha256", (unsigned char *)value,
> > + &value_len);
> >
> ... would avoid the '(unsigned char *)' cast here.
I'll drop this cast, the fourth argument of calculate_hash()
is uint8_t *.
...
> > +bool verify_public_key(void)
> > +{
> > + void *fit_public_key_modulus;
> >
> 'const void *' here ...
> > +
> > + int offset = fdt_node_offset_by_prop_value(gd->fdt_blob, -1,
> > + "key-name-hint",
> > + FIT_KEY_NAME,
> > + 4);
> > +
> > + fit_public_key_modulus = (void *)fdt_getprop(gd->fdt_blob, offset,
> > + "rsa,modulus", NULL);
> >
> ... would eliminate the need for the '(void *)' cast here.
OK, will fix. Thanks!
--
Anatolij
next prev parent reply other threads:[~2017-05-12 8:56 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-11 15:14 [U-Boot] [PATCH 0/5] Introduce secure boot for Baytrail Anatolij Gustschin
2017-05-11 15:14 ` [U-Boot] [PATCH 1/5] x86: congatec: add secureboot enabled defconfig for conga-qeval20-qa3-e3845 Anatolij Gustschin
2017-05-15 3:03 ` Simon Glass
2017-05-11 15:14 ` [U-Boot] [PATCH 2/5] x86: baytrail: Add fsp-header verification for secure boot fsp Anatolij Gustschin
2017-05-15 3:03 ` Simon Glass
2017-05-15 7:20 ` Anatolij Gustschin
2017-05-11 15:14 ` [U-Boot] [PATCH 3/5] x86: baytrail: secureboot: Add functions for verification of u-boot Anatolij Gustschin
2017-05-12 8:25 ` Lothar Waßmann
2017-05-12 8:56 ` Anatolij Gustschin [this message]
2017-05-15 3:03 ` Simon Glass
2017-05-15 7:29 ` Anatolij Gustschin
2017-05-11 15:14 ` [U-Boot] [PATCH 4/5] tools: add secure_boot_helper.py Anatolij Gustschin
2017-05-15 3:03 ` Simon Glass
2017-05-11 15:14 ` [U-Boot] [PATCH 5/5] doc: x86: Add section about secure boot on Baytrail Anatolij Gustschin
2017-05-15 3:03 ` Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170512105606.50f233b2@crub \
--to=agust@denx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox