From: Heiko Schocher <hs@denx.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 2/7] fdt: add "fdt sign" command
Date: Mon, 27 Jan 2014 07:37:07 +0100 [thread overview]
Message-ID: <52E5FE93.2030306@denx.de> (raw)
In-Reply-To: <CAPnjgZ2Yf-mqWS6cGcntCdsyK_Usi9VmB7w+bX7aF6+2mkjiyg@mail.gmail.com>
Hello Simon,
Am 26.01.2014 22:04, schrieb Simon Glass:
> Hi Heiko,
>
> On 24 January 2014 23:44, Heiko Schocher<hs@denx.de> wrote:
>> check if a fdt is correct signed
>> pass an optional addr value. Contains the addr of the key blob
>>
>> Signed-off-by: Heiko Schocher<hs@denx.de>
>> Cc: Simon Glass<sjg@chromium.org>
>> ---
>> common/cmd_fdt.c | 38 +++++++++++++++++++++++++++++++++++++-
>> 1 file changed, 37 insertions(+), 1 deletion(-)
>>
>> diff --git a/common/cmd_fdt.c b/common/cmd_fdt.c
>> index 3a9edd6..b8468ea 100644
>> --- a/common/cmd_fdt.c
>> +++ b/common/cmd_fdt.c
>> @@ -243,7 +243,7 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>> /*
>> * Set the value of a property in the working_fdt.
>> */
>> - } else if (argv[1][0] == 's') {
>> + } else if (strncmp(argv[1], "se", 2) == 0) {
>> char *pathp; /* path */
>> char *prop; /* property */
>> int nodeoffset; /* node offset from libfdt */
>> @@ -283,6 +283,37 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>> return 1;
>> }
>>
>> +#if defined(CONFIG_FIT_SIGNATURE)
>> + } else if (strncmp(argv[1], "si", 2) == 0) {
>> + int cfg_noffset;
>> + int ret;
>> + unsigned long addr;
>> + struct fdt_header *blob;
>> +
>> + if (!working_fdt)
>> + return CMD_RET_FAILURE;
>> +
>> + if (argc> 2) {
>> + addr = simple_strtoul(argv[2], NULL, 16);
>> + blob = map_sysmem(addr, 0);
>> + } else {
>> + blob = (struct fdt_header *)gd->fdt_blob;
>> + }
>> + if (!fdt_valid(&blob))
>> + return 1;
>> +
>> + gd->fdt_blob = blob;
>> + cfg_noffset = fit_conf_get_node(working_fdt, NULL);
>> + if (!cfg_noffset)
>> + return CMD_RET_FAILURE;
>
> May need to print an error here, since otherwise it won't be clear
> what went wrong.
Hmm... fit_conf_get_node() prints a dedicated error message if debug is
activated... I thought this is enough ... ?
>> +
>> + ret = fit_config_verify(working_fdt, cfg_noffset);
>> + if (ret == 1)
>> + return CMD_RET_SUCCESS;
>> + else
>> + return CMD_RET_FAILURE;
>> +#endif
>> +
>> /********************************************************************
>> * Get the value of a property in the working_fdt.
>> ********************************************************************/
>> @@ -992,6 +1023,11 @@ static char fdt_help_text[] =
>> "fdt rsvmem delete<index> - Delete a mem reserves\n"
>> "fdt chosen [<start> <end>] - Add/update the /chosen branch in the tree\n"
>> "<start>/<end> - initrd start/end addr\n"
>> +#if defined(CONFIG_FIT_SIGNATURE)
>> + "fdt sign [<addr>] - check FIT signature\n"
>
> How about checksig instead of sign? 'sign' sounds like you are going to sign it.
Of course, that sounds better!
Change this for v2, thanks!
>
>> + "<start> - addr of key blob\n"
>> + " default gd->fdt_blob\n"
>> +#endif
>> "NOTE: Dereference aliases by omiting the leading '/', "
>> "e.g. fdt print ethernet0.";
>> #endif
>> --
>> 1.8.3.1
>>
>
> Regards,
> Simon
Thanks for the review.
bye,
Heiko
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
next prev parent reply other threads:[~2014-01-27 6:37 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-25 6:44 [U-Boot] [PATCH 0/7] common, fit, rsa: enhancements Heiko Schocher
2014-01-25 6:44 ` [U-Boot] [PATCH 1/7] tools/image-host: fix sign-images bug Heiko Schocher
2014-01-26 21:05 ` Simon Glass
2014-01-25 6:44 ` [U-Boot] [PATCH 2/7] fdt: add "fdt sign" command Heiko Schocher
2014-01-26 21:04 ` Simon Glass
2014-01-27 6:37 ` Heiko Schocher [this message]
2014-01-27 6:50 ` Wolfgang Denk
2014-01-27 7:42 ` Heiko Schocher
2014-02-08 14:09 ` Marek Vasut
2014-02-10 6:15 ` Heiko Schocher
2014-02-12 10:46 ` Marek Vasut
2014-02-12 15:31 ` Heiko Schocher
2014-02-13 20:26 ` Marek Vasut
2014-02-14 5:06 ` Heiko Schocher
2014-01-25 6:44 ` [U-Boot] [PATCH 3/7] fit: add sha256 support Heiko Schocher
2014-01-26 21:07 ` Simon Glass
2014-01-25 6:44 ` [U-Boot] [PATCH 4/7] rsa: add sha256-rsa2048 algorithm Heiko Schocher
2014-01-26 21:10 ` Simon Glass
2014-01-27 6:45 ` Heiko Schocher
2014-01-27 17:36 ` Simon Glass
2014-01-25 6:44 ` [U-Boot] [PATCH 5/7] rsa: add sha256,rsa4096 algorithm Heiko Schocher
2014-01-26 21:19 ` Simon Glass
2014-01-27 7:36 ` Heiko Schocher
2014-01-27 17:39 ` Simon Glass
2014-01-25 6:44 ` [U-Boot] [PATCH 6/7] tools, fit: add fit_info host command Heiko Schocher
2014-02-08 14:16 ` Marek Vasut
2014-02-10 6:28 ` Heiko Schocher
2014-02-12 10:46 ` Marek Vasut
2014-01-25 6:44 ` [U-Boot] [PATCH 7/7] tools, fit_check_sign: verify a signed fit image Heiko Schocher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52E5FE93.2030306@denx.de \
--to=hs@denx.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).