Re: [PATCH] spl: spl_fit.c: enable check of signature for config node in spl/tpl

On Thu, 29 Oct 2020 at 11:50, Philippe Reynes philippe.reynes@softathome.com wrote:

This commit add the support of signature check for config node in spl/tpl when the function spl_load_simple_fit is used.

Signed-off-by: Philippe Reynes philippe.reynes@softathome.com

common/spl/spl_fit.c | 10 ++++++++++ 1 file changed, 10 insertions(+)

Reviewed-by: Simon Glass sjg@chromium.org

We have sandbox SPL tests available now so it should be possible to write a test of FIT loading in SPL.

diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index fd6086a65c..7d10a4352c 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -551,6 +551,16 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, if (spl_load_simple_fit_skip_processing()) return 0;

•   if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) {
  

•           int conf_offset = fit_find_config_node(fit);
  

•           printf("## Checking hash(es) for config %s ... ",
  

•                  fit_get_name(fit, conf_offset, NULL));
  

•           if (fit_config_verify(fit, conf_offset))
  

•                   return -EPERM;
  

•           puts("OK\n");
  

•   }
  

•   /* find the node holding the images information */
    images = fdt_path_offset(fit, FIT_IMAGES_PATH);
    if (images < 0) {
  

-- 2.17.1