cmd: source: Support specifying config name

As discussed previously [1,2], the source command is not safe to use with verified boot unless there is a key with required = "images" (which has its own problems). This is because if such a key is absent, signatures are verified but not required. It is assumed that configuration nodes will provide the signature. Because the source command does not use configurations to determine the image to source, effectively no verification takes place. To address this, allow specifying configuration nodes. We use the same syntax as the bootm command (helpfully provided for us by fit_parse_conf). By default, we first try the default config and then the default image. To force using a config, # must be present in the command (e.g. `source $loadaddr#my-conf`). For convenience, the config may be omitted, just like the address may be (e.g. `source \#`). This also works for images (`source :` behaves exactly like `source` currently does). [1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/ [2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/ Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Simon Glass <sjg@chromium.org>
author: Sean Anderson <sean.anderson@seco.com> 2022-12-12 14:12:11 -0500
committer: Tom Rini <trini@konsulko.com> 2022-12-31 13:35:19 -0500
commit: bcc85b96b5ffbbce19a89747138feb873d918915 (patch)
tree: 9a4c733db8ec3b99444a5ff9177aeb709459ad07 /cmd/source.c
parent: c4f5738e690487dc59c8234782e792e57dac9a22 (diff)
1 files changed, 53 insertions, 21 deletions
diff --git a/cmd/source.c b/cmd/source.c
index 5973824601..94da5d8d6a 100644
--- a/cmd/source.c
+++ b/cmd/source.c
@@ -42,7 +42,7 @@ static const char *get_default_image(const void *fit)
 }
 #endif
 
-int image_source_script(ulong addr, const char *fit_uname)
+int image_source_script(ulong addr, const char *fit_uname, const char *confname)
 {
 	ulong		len;
 #if defined(CONFIG_LEGACY_IMAGE_FORMAT)
@@ -112,19 +112,47 @@ int image_source_script(ulong addr, const char *fit_uname)
 			return 1;
 		}
 
-		if (!fit_uname)
-			fit_uname = get_default_image(fit_hdr);
-
 		if (!fit_uname) {
-			puts("No FIT subimage unit name\n");
-			return 1;
-		}
+			/* If confname is empty, use the default */
+			if (confname && *confname)
+				noffset = fit_conf_get_node(fit_hdr, confname);
+			else
+				noffset = fit_conf_get_node(fit_hdr, NULL);
+			if (noffset < 0) {
+				if (!confname)
+					goto fallback;
+				printf("Could not find config %s\n", confname);
+				return 1;
+			}
 
-		/* get script component image node offset */
-		noffset = fit_image_get_node (fit_hdr, fit_uname);
-		if (noffset < 0) {
-			printf ("Can't find '%s' FIT subimage\n", fit_uname);
-			return 1;
+			if (verify && fit_config_verify(fit_hdr, noffset))
+				return 1;
+
+			noffset = fit_conf_get_prop_node(fit_hdr, noffset,
+							 FIT_SCRIPT_PROP,
+							 IH_PHASE_NONE);
+			if (noffset < 0) {
+				if (!confname)
+					goto fallback;
+				printf("Could not find script in %s\n", confname);
+				return 1;
+			}
+		} else {
+fallback:
+			if (!fit_uname || !*fit_uname)
+				fit_uname = get_default_image(fit_hdr);
+			if (!fit_uname) {
+				puts("No FIT subimage unit name\n");
+				return 1;
+			}
+
+			/* get script component image node offset */
+			noffset = fit_image_get_node(fit_hdr, fit_uname);
+			if (noffset < 0) {
+				printf("Can't find '%s' FIT subimage\n",
+				       fit_uname);
+				return 1;
+			}
 		}
 
 		if (!fit_image_check_type (fit_hdr, noffset, IH_TYPE_SCRIPT)) {
@@ -164,7 +192,7 @@ static int do_source(struct cmd_tbl *cmdtp, int flag, int argc,
 {
 	ulong addr;
 	int rcode;
-	const char *fit_uname = NULL;
+	const char *fit_uname = NULL, *confname = NULL;
 
 	/* Find script image */
 	if (argc < 2) {
@@ -175,6 +203,9 @@ static int do_source(struct cmd_tbl *cmdtp, int flag, int argc,
 				      &fit_uname)) {
 		debug("*  source: subimage '%s' from FIT image at 0x%08lx\n",
 		      fit_uname, addr);
+	} else if (fit_parse_conf(argv[1], image_load_addr, &addr, &confname)) {
+		debug("*  source: config '%s' from FIT image at 0x%08lx\n",
+		      confname, addr);
 #endif
 	} else {
 		addr = hextoul(argv[1], NULL);
@@ -182,21 +213,22 @@ static int do_source(struct cmd_tbl *cmdtp, int flag, int argc,
 	}
 
 	printf ("## Executing script at %08lx\n", addr);
-	rcode = image_source_script(addr, fit_uname);
+	rcode = image_source_script(addr, fit_uname, confname);
 	return rcode;
 }
 
 #ifdef CONFIG_SYS_LONGHELP
 static char source_help_text[] =
-	"[addr]\n"
-	"\t- run script starting at addr\n"
-	"\t- A valid image header must be present"
 #if defined(CONFIG_FIT)
-	"\n"
-	"For FIT format uImage addr must include subimage\n"
-	"unit name in the form of addr:<subimg_uname>"
+	"[<addr>][:[<image>]|#[<config>]]\n"
+	"\t- Run script starting at addr\n"
+	"\t- A FIT config name or subimage name may be specified with : or #\n"
+	"\t  (like bootm). If the image or config name is omitted, the\n"
+	"\t  default is used.";
+#else
+	"[<addr>]\n"
+	"\t- Run script starting at addr";
 #endif
-	"";
 #endif
 
 U_BOOT_CMD(
author	Sean Anderson <sean.anderson@seco.com>	2022-12-12 14:12:11 -0500
committer	Tom Rini <trini@konsulko.com>	2022-12-31 13:35:19 -0500
commit	bcc85b96b5ffbbce19a89747138feb873d918915 (patch)
tree	9a4c733db8ec3b99444a5ff9177aeb709459ad07 /cmd/source.c
parent	c4f5738e690487dc59c8234782e792e57dac9a22 (diff)