diff options
| author | Sean Anderson <sean.anderson@seco.com> | 2022-12-12 14:12:11 -0500 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2022-12-31 13:35:19 -0500 |
| commit | bcc85b96b5ffbbce19a89747138feb873d918915 (patch) | |
| tree | 9a4c733db8ec3b99444a5ff9177aeb709459ad07 /include | |
| parent | c4f5738e690487dc59c8234782e792e57dac9a22 (diff) | |
| download | u-boot-bcc85b96b5ffbbce19a89747138feb873d918915.zip u-boot-bcc85b96b5ffbbce19a89747138feb873d918915.tar.gz u-boot-bcc85b96b5ffbbce19a89747138feb873d918915.tar.bz2 | |
cmd: source: Support specifying config nameWIP/2022-12-31-cmd-source-support-specifying-config-name
As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/
[2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/image.h | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/include/image.h b/include/image.h index 6f9c5a4..bed75ce 100644 --- a/include/image.h +++ b/include/image.h @@ -711,15 +711,23 @@ int fit_image_load(struct bootm_headers *images, ulong addr, /** * image_source_script() - Execute a script + * @addr: Address of script + * @fit_uname: FIT subimage name + * @confname: FIT config name. The subimage is chosen based on FIT_SCRIPT_PROP. * * Executes a U-Boot script at a particular address in memory. The script should * have a header (FIT or legacy) with the script type (IH_TYPE_SCRIPT). * - * @addr: Address of script - * @fit_uname: FIT subimage name + * If @fit_uname is the empty string, then the default image is used. If + * @confname is the empty string, the default config is used. If @confname and + * @fit_uname are both non-%NULL, then @confname is ignored. If @confname and + * @fit_uname are both %NULL, then first the default config is tried, and then + * the default image. + * * Return: result code (enum command_ret_t) */ -int image_source_script(ulong addr, const char *fit_uname); +int image_source_script(ulong addr, const char *fit_uname, + const char *confname); /** * fit_get_node_from_config() - Look up an image a FIT by type @@ -1032,6 +1040,7 @@ int booti_setup(ulong image, ulong *relocated_addr, ulong *size, #define FIT_FPGA_PROP "fpga" #define FIT_FIRMWARE_PROP "firmware" #define FIT_STANDALONE_PROP "standalone" +#define FIT_SCRIPT_PROP "script" #define FIT_PHASE_PROP "phase" #define FIT_MAX_HASH_LEN HASH_MAX_DIGEST_SIZE |