Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 5dee134e7e917670df41497af1749de1ba14e6c8^! / .
commit5dee134e7e917670df41497af1749de1ba14e6c8[log] [tgz]
authorMarek Vasut <marex@denx.de>Thu May 31 17:59:07 2018 +0200
committerTom Rini <trini@konsulko.com>Tue Jul 10 16:55:56 2018 -0400
tree39e4f793b66f0146e0ad693e265c14907314dd4e
parent8b489b51dfbb9d4cf08d14bf1a03ee835c2134b2 [diff]
fit: Verify all configuration signatures

Rather than verifying configuration signature of the configuration node
containing the kernel image types, verify all configuration nodes, even
those that do not contain kernel images. This is useful when the nodes
contain ie. standalone OSes or U-Boot.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/common/image-fit.c b/common/image-fit.c
index 728187a..8d39a24 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c

@@ -1838,24 +1838,26 @@
 					BOOTSTAGE_SUB_NO_UNIT_NAME);
 			return -ENOENT;
 		}
+
 		fit_base_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
 		printf("   Using '%s' configuration\n", fit_base_uname_config);
-		if (image_type == IH_TYPE_KERNEL) {
-			/* Remember (and possibly verify) this config */
+		/* Remember this config */
+		if (image_type == IH_TYPE_KERNEL)
 			images->fit_uname_cfg = fit_base_uname_config;
-			if (IMAGE_ENABLE_VERIFY && images->verify) {
-				puts("   Verifying Hash Integrity ... ");
-				if (fit_config_verify(fit, cfg_noffset)) {
-					puts("Bad Data Hash\n");
-					bootstage_error(bootstage_id +
-						BOOTSTAGE_SUB_HASH);
-					return -EACCES;
-				}
-				puts("OK\n");
+
+		if (IMAGE_ENABLE_VERIFY && images->verify) {
+			puts("   Verifying Hash Integrity ... ");
+			if (fit_config_verify(fit, cfg_noffset)) {
+				puts("Bad Data Hash\n");
+				bootstage_error(bootstage_id +
+					BOOTSTAGE_SUB_HASH);
+				return -EACCES;
 			}
-			bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
+			puts("OK\n");
 		}
 
+		bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
+
 		noffset = fit_conf_get_prop_node(fit, cfg_noffset,
 						 prop_name);
 		fit_uname = fit_get_name(fit, noffset, NULL);