aboutsummaryrefslogtreecommitdiff
path: root/tools
diff options
context:
space:
mode:
authorHeiko Schocher <hs@denx.de>2014-03-03 12:19:30 +0100
committerTom Rini <trini@ti.com>2014-03-21 16:40:38 -0400
commit29a23f9d6c533f8371be3ae0268c4c75866291b2 (patch)
treecb7e69f6a7903ac5f63c03f99aa4f34b9fd151d7 /tools
parent6bf4ca076f8c7a3c1c5abd1cbb059516f7af15df (diff)
downloadu-boot-29a23f9d6c533f8371be3ae0268c4c75866291b2.zip
u-boot-29a23f9d6c533f8371be3ae0268c4c75866291b2.tar.gz
u-boot-29a23f9d6c533f8371be3ae0268c4c75866291b2.tar.bz2
tools, fit_check_sign: verify a signed fit image
add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'tools')
-rw-r--r--tools/.gitignore1
-rw-r--r--tools/Makefile7
-rw-r--r--tools/fdt_host.h2
-rw-r--r--tools/fdtdec.c1
-rw-r--r--tools/fit_check_sign.c85
-rw-r--r--tools/image-host.c15
-rw-r--r--tools/rsa-checksum.c1
-rw-r--r--tools/rsa-verify.c1
8 files changed, 111 insertions, 2 deletions
diff --git a/tools/.gitignore b/tools/.gitignore
index 2f6ecc7..b1e997f 100644
--- a/tools/.gitignore
+++ b/tools/.gitignore
@@ -1,5 +1,6 @@
/bmp_logo
/envcrc
+/fit_check_sign
/fit_info
/gen_eth_addr
/img2srec
diff --git a/tools/Makefile b/tools/Makefile
index 52fb69e..c5c378c 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -61,13 +61,13 @@ mkenvimage$(SFX)-objs := crc32.o mkenvimage.o os_support.o
hostprogs-y += dumpimage$(SFX) mkimage$(SFX)
ifdef CONFIG_FIT_SIGNATURE
-hostprogs-y += fit_info$(SFX)
+hostprogs-y += fit_info$(SFX) fit_check_sign$(SFX)
endif
FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := image-sig.o
# Flattened device tree objects
LIBFDT_OBJS := fdt.o fdt_ro.o fdt_rw.o fdt_strerror.o fdt_wip.o
-RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := rsa-sign.o
+RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := rsa-sign.o rsa-verify.o rsa-checksum.o
# common objs for dumpimage and mkimage
dumpimage-mkimage-objs := aisimage.o \
@@ -97,6 +97,7 @@ dumpimage-mkimage-objs := aisimage.o \
dumpimage$(SFX)-objs := $(dumpimage-mkimage-objs) dumpimage.o
mkimage$(SFX)-objs := $(dumpimage-mkimage-objs) mkimage.o
fit_info$(SFX)-objs := $(dumpimage-mkimage-objs) fit_info.o
+fit_check_sign$(SFX)-objs := $(dumpimage-mkimage-objs) fit_check_sign.o
# TODO(sjg@chromium.org): Is this correct on Mac OS?
@@ -105,6 +106,7 @@ ifneq ($(CONFIG_MX23)$(CONFIG_MX28),)
HOSTLOADLIBES_dumpimage$(SFX) := -lssl -lcrypto
HOSTLOADLIBES_mkimage$(SFX) := -lssl -lcrypto
HOSTLOADLIBES_fit_info$(SFX) := -lssl -lcrypto
+HOSTLOADLIBES_fit_check_sign$(SFX) := -lssl -lcrypto
# Add CONFIG_MXS into host CFLAGS, so we can check whether or not register
# the mxsimage support within tools/mxsimage.c .
HOSTCFLAGS_mxsimage.o += -DCONFIG_MXS
@@ -114,6 +116,7 @@ ifdef CONFIG_FIT_SIGNATURE
HOSTLOADLIBES_dumpimage$(SFX) := -lssl -lcrypto
HOSTLOADLIBES_mkimage$(SFX) := -lssl -lcrypto
HOSTLOADLIBES_fit_info$(SFX) := -lssl -lcrypto
+HOSTLOADLIBES_fit_check_sign$(SFX) := -lssl -lcrypto
# This affects include/image.h, but including the board config file
# is tricky, so manually define this options here.
diff --git a/tools/fdt_host.h b/tools/fdt_host.h
index c2b23c6..134d965 100644
--- a/tools/fdt_host.h
+++ b/tools/fdt_host.h
@@ -11,4 +11,6 @@
#include "../include/libfdt.h"
#include "../include/fdt_support.h"
+int fit_check_sign(const void *working_fdt, const void *key);
+
#endif /* __FDT_HOST_H__ */
diff --git a/tools/fdtdec.c b/tools/fdtdec.c
new file mode 100644
index 0000000..f1c2256
--- /dev/null
+++ b/tools/fdtdec.c
@@ -0,0 +1 @@
+#include "../lib/fdtdec.c"
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
new file mode 100644
index 0000000..d6d9340
--- /dev/null
+++ b/tools/fit_check_sign.c
@@ -0,0 +1,85 @@
+/*
+ * (C) Copyright 2014
+ * DENX Software Engineering
+ * Heiko Schocher <hs@denx.de>
+ *
+ * Based on:
+ * (C) Copyright 2008 Semihalf
+ *
+ * (C) Copyright 2000-2004
+ * DENX Software Engineering
+ * Wolfgang Denk, wd@denx.de
+ *
+ * Updated-by: Prafulla Wadaskar <prafulla@marvell.com>
+ * FIT image specific code abstracted from mkimage.c
+ * some functions added to address abstraction
+ *
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include "mkimage.h"
+#include "fit_common.h"
+#include <image.h>
+#include <u-boot/crc.h>
+
+void usage(char *cmdname)
+{
+ fprintf(stderr, "Usage: %s -f fit file -k key file\n"
+ " -f ==> set fit file which should be checked'\n"
+ " -k ==> set key file which contains the key'\n",
+ cmdname);
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char **argv)
+{
+ int ffd = -1;
+ int kfd = -1;
+ struct stat fsbuf;
+ struct stat ksbuf;
+ void *fit_blob;
+ char *fdtfile = NULL;
+ char *keyfile = NULL;
+ char cmdname[50];
+ int ret;
+ void *key_blob;
+ int c;
+
+ strcpy(cmdname, *argv);
+ while ((c = getopt(argc, argv, "f:k:")) != -1)
+ switch (c) {
+ case 'f':
+ fdtfile = optarg;
+ break;
+ case 'k':
+ keyfile = optarg;
+ break;
+ default:
+ usage(cmdname);
+ break;
+ }
+
+ ffd = mmap_fdt(cmdname, fdtfile, &fit_blob, &fsbuf, 0);
+ if (ffd < 0)
+ return EXIT_FAILURE;
+ kfd = mmap_fdt(cmdname, keyfile, &key_blob, &ksbuf, 0);
+ if (ffd < 0)
+ return EXIT_FAILURE;
+
+ image_set_host_blob(key_blob);
+ ret = fit_check_sign(fit_blob, key_blob);
+
+ if (ret)
+ ret = EXIT_SUCCESS;
+ else
+ ret = EXIT_FAILURE;
+
+ (void) munmap((void *)fit_blob, fsbuf.st_size);
+ (void) munmap((void *)key_blob, ksbuf.st_size);
+
+ close(ffd);
+ close(kfd);
+ exit(ret);
+}
diff --git a/tools/image-host.c b/tools/image-host.c
index 8e185ec..651f1c2 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -695,3 +695,18 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
return 0;
}
+
+#ifdef CONFIG_FIT_SIGNATURE
+int fit_check_sign(const void *working_fdt, const void *key)
+{
+ int cfg_noffset;
+ int ret;
+
+ cfg_noffset = fit_conf_get_node(working_fdt, NULL);
+ if (!cfg_noffset)
+ return -1;
+
+ ret = fit_config_verify(working_fdt, cfg_noffset);
+ return ret;
+}
+#endif
diff --git a/tools/rsa-checksum.c b/tools/rsa-checksum.c
new file mode 100644
index 0000000..09033e6
--- /dev/null
+++ b/tools/rsa-checksum.c
@@ -0,0 +1 @@
+#include "../lib/rsa/rsa-checksum.c"
diff --git a/tools/rsa-verify.c b/tools/rsa-verify.c
new file mode 100644
index 0000000..bb662a1
--- /dev/null
+++ b/tools/rsa-verify.c
@@ -0,0 +1 @@
+#include "../lib/rsa/rsa-verify.c"