From ce1400f6949bbfec01fe381a844b14844cb3be12 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Thu, 12 Jun 2014 07:24:53 -0600 Subject: Enhance fit_check_sign to check all images At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass Acked-by: Heiko Schocher (v1) --- tools/fit_check_sign.c | 7 +++++-- tools/image-host.c | 12 +++++++++--- 2 files changed, 14 insertions(+), 5 deletions(-) (limited to 'tools') diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c index 768be2f484..69e99c0d17 100644 --- a/tools/fit_check_sign.c +++ b/tools/fit_check_sign.c @@ -80,10 +80,13 @@ int main(int argc, char **argv) image_set_host_blob(key_blob); ret = fit_check_sign(fit_blob, key_blob); - if (!ret) + if (!ret) { ret = EXIT_SUCCESS; - else + fprintf(stderr, "Signature check OK\n"); + } else { ret = EXIT_FAILURE; + fprintf(stderr, "Signature check Bad (error %d)\n", ret); + } (void) munmap((void *)fit_blob, fsbuf.st_size); (void) munmap((void *)key_blob, ksbuf.st_size); diff --git a/tools/image-host.c b/tools/image-host.c index faeef66efc..0eff720b62 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -10,6 +10,7 @@ */ #include "mkimage.h" +#include #include #include @@ -707,16 +708,21 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, } #ifdef CONFIG_FIT_SIGNATURE -int fit_check_sign(const void *working_fdt, const void *key) +int fit_check_sign(const void *fit, const void *key) { int cfg_noffset; int ret; - cfg_noffset = fit_conf_get_node(working_fdt, NULL); + cfg_noffset = fit_conf_get_node(fit, NULL); if (!cfg_noffset) return -1; - ret = fit_config_verify(working_fdt, cfg_noffset); + printf("Verifying Hash Integrity ... "); + ret = fit_config_verify(fit, cfg_noffset); + if (ret) + return ret; + ret = bootm_host_load_images(fit, cfg_noffset); + return ret; } #endif -- cgit v1.2.1