diff options
| author | Philippe Reynes <philippe.reynes@softathome.com> | 2020-10-29 20:50:29 +0300 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2020-12-01 22:12:28 +0300 |
| commit | 7d5b1bf6b84489cbbafd6dc679fdac2eda876c74 (patch) | |
| tree | d5ba64c03253ea7886cda536785a49d575132ea6 | |
| parent | a282ada1987ca85826e6f47bb6e3c48a17e11098 (diff) | |
| download | u-boot-7d5b1bf6b84489cbbafd6dc679fdac2eda876c74.tar.xz | |
spl: spl_fit.c: enable check of signature for config node in spl/tpl
This commit add the support of signature check for config node
in spl/tpl when the function spl_load_simple_fit is used.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
| -rw-r--r-- | common/spl/spl_fit.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index 6418062b93..2fbee4f19f 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -558,6 +558,16 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, if (spl_load_simple_fit_skip_processing()) return 0; + if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) { + int conf_offset = fit_find_config_node(fit); + + printf("## Checking hash(es) for config %s ... ", + fit_get_name(fit, conf_offset, NULL)); + if (fit_config_verify(fit, conf_offset)) + return -EPERM; + puts("OK\n"); + } + /* find the node holding the images information */ images = fdt_path_offset(fit, FIT_IMAGES_PATH); if (images < 0) { |