fiptool: Add support for printing the sha256 digest with info command
This feature allows one to quickly verify that the expected
image is contained in the FIP without extracting the image and
running sha256sum(1) on it.
The sha256 digest is only shown when the verbose flag is used.
This change requires libssl-dev to be installed in order to build
Trusted Firmware. Previously, libssl-dev was optionally needed only
to support Trusted Board Boot configurations.
Fixes ARM-Software/tf-issues#124
Change-Id: Ifb1408d17f483d482bb270a589ee74add25ec5a6
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
index 3bc372a..df76a75 100644
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
@@ -44,6 +44,7 @@
else
CFLAGS += -O2
endif
+LDLIBS := -lcrypto
ifeq (${V},0)
Q := @
@@ -62,7 +63,7 @@
${PROJECT}: ${OBJECTS} Makefile
@echo " LD $@"
- ${Q}${CC} ${OBJECTS} -o $@
+ ${Q}${CC} ${OBJECTS} -o $@ ${LDLIBS}
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
diff --git a/tools/fiptool/fiptool.c b/tools/fiptool/fiptool.c
index 68ddcf5..6a3406e 100644
--- a/tools/fiptool/fiptool.c
+++ b/tools/fiptool/fiptool.c
@@ -42,6 +42,8 @@
#include <string.h>
#include <unistd.h>
+#include <openssl/sha.h>
+
#include "fiptool.h"
#include "firmware_image_package.h"
#include "tbbr_config.h"
@@ -354,6 +356,14 @@
opts[idx].val = val;
}
+static void md_print(unsigned char *md, size_t len)
+{
+ size_t i;
+
+ for (i = 0; i < len; i++)
+ printf("%02x", md[i]);
+}
+
static int info_cmd(int argc, char *argv[])
{
image_t *image;
@@ -391,10 +401,16 @@
(unsigned long long)image_offset,
(unsigned long long)image_size);
if (image->toc_entry != NULL)
- printf(", cmdline=\"--%s\"\n",
+ printf(", cmdline=\"--%s\"",
image->toc_entry->cmdline_name);
- else
- putchar('\n');
+ if (verbose) {
+ unsigned char md[SHA256_DIGEST_LENGTH];
+
+ SHA256(image->buffer, image_size, md);
+ printf(", sha256=");
+ md_print(md, sizeof(md));
+ }
+ putchar('\n');
image_offset += image_size;
}