summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJun Nie <jun.nie@linaro.org>2018-02-27 16:55:58 +0800
committerTom Rini <trini@konsulko.com>2018-03-19 09:59:32 -0400
commit5c643db4cc95c6ac6457731cb5bb75d6896e415b (patch)
tree0fc4b285f0a0da1bc15fb9b8cb3e7d8918bb9916
parent50905b55c7b9c3a20e2c5a7e5f7ae8236ecd7a8e (diff)
SPL: Add signature verification when loading image
U-boot proper signature is not verified by SPL on most platforms even config SPL_FIT_SIGNATURE is enabled. Only fsl-layerscape platform support secure boot in platform specific code. So verified boot cannot be achieved if u-boot proper is loaded by SPL. This patch add signature verification to u-boot proper images when loading FIT image in SPL. It is tested on Allwinner bananapi zero board with H2+ SoC. Signed-off-by: Jun Nie <jun.nie@linaro.org>
-rw-r--r--common/image-fit.c56
-rw-r--r--common/spl/spl_fit.c12
-rw-r--r--include/image.h2
3 files changed, 48 insertions, 22 deletions
diff --git a/common/image-fit.c b/common/image-fit.c
index f6e956ad963..4b033904542 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1068,34 +1068,14 @@ static int fit_image_check_hash(const void *fit, int noffset, const void *data,
return 0;
}
-/**
- * fit_image_verify - verify data integrity
- * @fit: pointer to the FIT format image header
- * @image_noffset: component image node offset
- *
- * fit_image_verify() goes over component image hash nodes,
- * re-calculates each data hash and compares with the value stored in hash
- * node.
- *
- * returns:
- * 1, if all hashes are valid
- * 0, otherwise (or on error)
- */
-int fit_image_verify(const void *fit, int image_noffset)
+int fit_image_verify_with_data(const void *fit, int image_noffset,
+ const void *data, size_t size)
{
- const void *data;
- size_t size;
int noffset = 0;
char *err_msg = "";
int verify_all = 1;
int ret;
- /* Get image data and data length */
- if (fit_image_get_data(fit, image_noffset, &data, &size)) {
- err_msg = "Can't get image data/size";
- goto error;
- }
-
/* Verify all required signatures */
if (IMAGE_ENABLE_VERIFY &&
fit_image_verify_required_sigs(fit, image_noffset, data, size,
@@ -1153,6 +1133,38 @@ error:
}
/**
+ * fit_image_verify - verify data integrity
+ * @fit: pointer to the FIT format image header
+ * @image_noffset: component image node offset
+ *
+ * fit_image_verify() goes over component image hash nodes,
+ * re-calculates each data hash and compares with the value stored in hash
+ * node.
+ *
+ * returns:
+ * 1, if all hashes are valid
+ * 0, otherwise (or on error)
+ */
+int fit_image_verify(const void *fit, int image_noffset)
+{
+ const void *data;
+ size_t size;
+ int noffset = 0;
+ char *err_msg = "";
+
+ /* Get image data and data length */
+ if (fit_image_get_data(fit, image_noffset, &data, &size)) {
+ err_msg = "Can't get image data/size";
+ printf("error!\n%s for '%s' hash node in '%s' image node\n",
+ err_msg, fit_get_name(fit, noffset, NULL),
+ fit_get_name(fit, image_noffset, NULL));
+ return 0;
+ }
+
+ return fit_image_verify_with_data(fit, image_noffset, data, size);
+}
+
+/**
* fit_all_image_verify - verify data integrity for all images
* @fit: pointer to the FIT format image header
*
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index b705d030e77..be92ca4b4fd 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -174,6 +174,9 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector,
uint8_t image_comp = -1, type = -1;
const void *data;
bool external_data = false;
+#ifdef CONFIG_SPL_FIT_SIGNATURE
+ int ret;
+#endif
if (IS_ENABLED(CONFIG_SPL_OS_BOOT) && IS_ENABLED(CONFIG_SPL_GZIP)) {
if (fit_image_get_comp(fit, node, &image_comp))
@@ -252,7 +255,16 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector,
image_info->entry_point = fdt_getprop_u32(fit, node, "entry");
}
+#ifdef CONFIG_SPL_FIT_SIGNATURE
+ printf("## Checking hash(es) for Image %s ...\n",
+ fit_get_name(fit, node, NULL));
+ ret = fit_image_verify_with_data(fit, node,
+ (const void *)load_addr, length);
+ printf("\n");
+ return !ret;
+#else
return 0;
+#endif
}
static int spl_fit_append_fdt(struct spl_image_info *spl_image,
diff --git a/include/image.h b/include/image.h
index dbdaecbfdd3..88e17fc91eb 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1013,6 +1013,8 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
const char *comment, int require_keys,
const char *engine_id);
+int fit_image_verify_with_data(const void *fit, int image_noffset,
+ const void *data, size_t size);
int fit_image_verify(const void *fit, int noffset);
int fit_config_verify(const void *fit, int conf_noffset);
int fit_all_image_verify(const void *fit);