spl: spl_fit.c: enable check of signature for config node in spl/tpl

This commit add the support of signature check for config node in spl/tpl when the function spl_load_simple_fit is used. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
author: Philippe Reynes <philippe.reynes@softathome.com> 2020-10-29 18:50:29 +0100
committer: Tom Rini <trini@konsulko.com> 2020-12-01 14:12:28 -0500
commit: 7d5b1bf6b84489cbbafd6dc679fdac2eda876c74 (patch)
tree: d5ba64c03253ea7886cda536785a49d575132ea6 /common
parent: a282ada1987ca85826e6f47bb6e3c48a17e11098 (diff)
download: u-boot-7d5b1bf6b84489cbbafd6dc679fdac2eda876c74.zip
u-boot-7d5b1bf6b84489cbbafd6dc679fdac2eda876c74.tar.gz
u-boot-7d5b1bf6b84489cbbafd6dc679fdac2eda876c74.tar.bz2
1 files changed, 10 insertions, 0 deletions
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index 6418062..2fbee4f 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -558,6 +558,16 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
 	if (spl_load_simple_fit_skip_processing())
 		return 0;
 
+	if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) {
+		int conf_offset = fit_find_config_node(fit);
+
+		printf("## Checking hash(es) for config %s ... ",
+		       fit_get_name(fit, conf_offset, NULL));
+		if (fit_config_verify(fit, conf_offset))
+			return -EPERM;
+		puts("OK\n");
+	}
+
 	/* find the node holding the images information */
 	images = fdt_path_offset(fit, FIT_IMAGES_PATH);
 	if (images < 0) {
author	Philippe Reynes <philippe.reynes@softathome.com>	2020-10-29 18:50:29 +0100
committer	Tom Rini <trini@konsulko.com>	2020-12-01 14:12:28 -0500
commit	7d5b1bf6b84489cbbafd6dc679fdac2eda876c74 (patch)
tree	d5ba64c03253ea7886cda536785a49d575132ea6 /common
parent	a282ada1987ca85826e6f47bb6e3c48a17e11098 (diff)
download	u-boot-7d5b1bf6b84489cbbafd6dc679fdac2eda876c74.zip u-boot-7d5b1bf6b84489cbbafd6dc679fdac2eda876c74.tar.gz u-boot-7d5b1bf6b84489cbbafd6dc679fdac2eda876c74.tar.bz2