
Hi Heiko,
On 24 January 2014 23:44, Heiko Schocher hs@denx.de wrote:
check if a fdt is correct signed pass an optional addr value. Contains the addr of the key blob
Signed-off-by: Heiko Schocher hs@denx.de Cc: Simon Glass sjg@chromium.org
common/cmd_fdt.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/common/cmd_fdt.c b/common/cmd_fdt.c index 3a9edd6..b8468ea 100644 --- a/common/cmd_fdt.c +++ b/common/cmd_fdt.c @@ -243,7 +243,7 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) /* * Set the value of a property in the working_fdt. */
} else if (argv[1][0] == 's') {
} else if (strncmp(argv[1], "se", 2) == 0) { char *pathp; /* path */ char *prop; /* property */ int nodeoffset; /* node offset from libfdt */
@@ -283,6 +283,37 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) return 1; }
+#if defined(CONFIG_FIT_SIGNATURE)
} else if (strncmp(argv[1], "si", 2) == 0) {
int cfg_noffset;
int ret;
unsigned long addr;
struct fdt_header *blob;
if (!working_fdt)
return CMD_RET_FAILURE;
if (argc > 2) {
addr = simple_strtoul(argv[2], NULL, 16);
blob = map_sysmem(addr, 0);
} else {
blob = (struct fdt_header *)gd->fdt_blob;
}
if (!fdt_valid(&blob))
return 1;
gd->fdt_blob = blob;
cfg_noffset = fit_conf_get_node(working_fdt, NULL);
if (!cfg_noffset)
return CMD_RET_FAILURE;
May need to print an error here, since otherwise it won't be clear what went wrong.
ret = fit_config_verify(working_fdt, cfg_noffset);
if (ret == 1)
return CMD_RET_SUCCESS;
else
return CMD_RET_FAILURE;
+#endif
/******************************************************************** * Get the value of a property in the working_fdt. ********************************************************************/
@@ -992,6 +1023,11 @@ static char fdt_help_text[] = "fdt rsvmem delete <index> - Delete a mem reserves\n" "fdt chosen [<start> <end>] - Add/update the /chosen branch in the tree\n" " <start>/<end> - initrd start/end addr\n" +#if defined(CONFIG_FIT_SIGNATURE)
"fdt sign [<addr>] - check FIT signature\n"
How about checksig instead of sign? 'sign' sounds like you are going to sign it.
" <start> - addr of key blob\n"
" default gd->fdt_blob\n"
+#endif "NOTE: Dereference aliases by omiting the leading '/', " "e.g. fdt print ethernet0.";
#endif
1.8.3.1
Regards, Simon