[U-Boot] [PATCH 4/9] fit: Verify all configuration signatures

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Marek Vasut <marex@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 4/9] fit: Verify all configuration signatures
Date: Thu, 28 Dec 2017 13:06:16 +0100	[thread overview]
Message-ID: <20171228120621.4039-5-marex@denx.de> (raw)
In-Reply-To: <20171228120621.4039-1-marex@denx.de>

Rather than verifying configuration signature of the configuration node
containing the kernel image types, verify all configuration nodes, even
those that do not contain kernel images. This is useful when the nodes
contain ie. standalone OSes or U-Boot.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
---
 common/image-fit.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index 8871e2dcd3..f559032691 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1766,22 +1766,24 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
 		}
 		fit_base_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
 		printf("   Using '%s' configuration\n", fit_base_uname_config);
-		if (image_type == IH_TYPE_KERNEL) {
-			/* Remember (and possibly verify) this config */
+		/* Remember this config */
+		if (image_type == IH_TYPE_KERNEL)
 			images->fit_uname_cfg = fit_base_uname_config;
-			if (IMAGE_ENABLE_VERIFY && images->verify) {
-				puts("   Verifying Hash Integrity ... ");
-				if (fit_config_verify(fit, cfg_noffset)) {
-					puts("Bad Data Hash\n");
-					bootstage_error(bootstage_id +
-						BOOTSTAGE_SUB_HASH);
-					return -EACCES;
-				}
-				puts("OK\n");
+
+		/* Verify this config */
+		if (IMAGE_ENABLE_VERIFY && images->verify) {
+			puts("   Verifying Hash Integrity ... ");
+			if (fit_config_verify(fit, cfg_noffset)) {
+				puts("Bad Data Hash\n");
+				bootstage_error(bootstage_id +
+					BOOTSTAGE_SUB_HASH);
+				return -EACCES;
 			}
-			bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
+			puts("OK\n");
 		}
 
+		bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
+
 		noffset = fit_conf_get_prop_node(fit, cfg_noffset,
 						 prop_name);
 		fit_uname = fit_get_name(fit, noffset, NULL);
-- 
2.15.0

next prev parent reply	other threads:[~2017-12-28 12:06 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-28 12:06 [U-Boot] [PATCH 0/9] spl: Add full fit and u-boot dto support Marek Vasut
2017-12-28 12:06 ` [U-Boot] [PATCH 1/9] fit: Fix CONFIG_FIT_SPL_PRINT Marek Vasut
2018-01-08  3:53   ` Simon Glass
2017-12-28 12:06 ` [U-Boot] [PATCH 2/9] fit: Add empty fit_print_contents() and fit_image_print() Marek Vasut
2018-01-08  3:53   ` Simon Glass
2017-12-28 12:06 ` [U-Boot] [PATCH 3/9] fit: Add standalone image type handling Marek Vasut
2018-01-08  3:53   ` Simon Glass
2017-12-28 12:06 ` Marek Vasut [this message]
2018-01-08  3:56   ` [U-Boot] [PATCH 4/9] fit: Verify all configuration signatures Simon Glass
2017-12-28 12:06 ` [U-Boot] [PATCH 5/9] spl: Add full fitImage support Marek Vasut
2017-12-28 14:21   ` Lukasz Majewski
2018-01-08  3:58   ` Simon Glass
2017-12-28 12:06 ` [U-Boot] [PATCH 6/9] spl: Add support for overlaying U-Boot DT Marek Vasut
2017-12-28 14:23   ` Lukasz Majewski
2018-01-08  4:20   ` Simon Glass
2017-12-28 12:06 ` [U-Boot] [PATCH 7/9] spl: Restart loading if load_image returns -EAGAIN Marek Vasut
2017-12-28 14:25   ` Lukasz Majewski
2017-12-31 17:37     ` Marek Vasut
2017-12-28 12:06 ` [U-Boot] [PATCH 8/9] spl: ram: Add support for fetching image position from control DT Marek Vasut
2017-12-28 14:27   ` Lukasz Majewski
2018-01-08  4:20   ` Simon Glass
2017-12-28 12:06 ` [U-Boot] [PATCH 9/9] spl: spi: " Marek Vasut
2017-12-28 14:29   ` Lukasz Majewski
2018-01-08  4:37     ` Simon Glass

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8871e2dcd dfblob:f55903269 )
 OR (
bs:"[U-Boot] [PATCH 4/9] fit: Verify all configuration signatures" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171228120621.4039-5-marex@denx.de \
    --to=marex@denx.de \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox