Roman Kopytin | ac55734 | 2023-03-08 01:13:41 +0000 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0+ |
| 2 | #include <image.h> |
| 3 | #include "fit_common.h" |
| 4 | |
| 5 | static const char *cmdname; |
| 6 | |
| 7 | static const char *algo_name = "sha1,rsa2048"; /* -a <algo> */ |
| 8 | static const char *keydir = "."; /* -k <keydir> */ |
| 9 | static const char *keyname = "key"; /* -n <keyname> */ |
| 10 | static const char *require_keys; /* -r <conf|image> */ |
| 11 | static const char *keydest; /* argv[n] */ |
| 12 | |
Heinrich Schuchardt | dff7580 | 2023-04-01 08:09:34 +0200 | [diff] [blame] | 13 | static void __attribute__((__noreturn__)) print_usage(const char *msg) |
Roman Kopytin | ac55734 | 2023-03-08 01:13:41 +0000 | [diff] [blame] | 14 | { |
| 15 | fprintf(stderr, "Error: %s\n", msg); |
| 16 | fprintf(stderr, "Usage: %s [-a <algo>] [-k <keydir>] [-n <keyname>] [-r <conf|image>]" |
| 17 | " <fdt blob>\n", cmdname); |
| 18 | fprintf(stderr, "Help information: %s [-h]\n", cmdname); |
| 19 | exit(EXIT_FAILURE); |
| 20 | } |
| 21 | |
Heinrich Schuchardt | dff7580 | 2023-04-01 08:09:34 +0200 | [diff] [blame] | 22 | static void __attribute__((__noreturn__)) print_help(void) |
Roman Kopytin | ac55734 | 2023-03-08 01:13:41 +0000 | [diff] [blame] | 23 | { |
| 24 | fprintf(stderr, "Options:\n" |
| 25 | "\t-a <algo> Cryptographic algorithm. Optional parameter, default value: sha1,rsa2048\n" |
| 26 | "\t-k <keydir> Directory with public key. Optional parameter, default value: .\n" |
| 27 | "\t-n <keyname> Public key name. Optional parameter, default value: key\n" |
| 28 | "\t-r <conf|image> Required: If present this indicates that the key must be verified for the image / configuration to be considered valid.\n" |
| 29 | "\t<fdt blob> FDT blob file for adding of the public key. Required parameter.\n"); |
| 30 | exit(EXIT_FAILURE); |
| 31 | } |
| 32 | |
| 33 | static void process_args(int argc, char *argv[]) |
| 34 | { |
| 35 | int opt; |
| 36 | |
| 37 | while ((opt = getopt(argc, argv, "a:k:n:r:h")) != -1) { |
| 38 | switch (opt) { |
| 39 | case 'k': |
| 40 | keydir = optarg; |
| 41 | break; |
| 42 | case 'a': |
| 43 | algo_name = optarg; |
| 44 | break; |
| 45 | case 'n': |
| 46 | keyname = optarg; |
| 47 | break; |
| 48 | case 'r': |
| 49 | require_keys = optarg; |
| 50 | break; |
| 51 | case 'h': |
| 52 | print_help(); |
| 53 | default: |
| 54 | print_usage("Invalid option"); |
| 55 | } |
| 56 | } |
| 57 | /* The last parameter is expected to be the .dtb to add the public key to */ |
| 58 | if (optind < argc) |
| 59 | keydest = argv[optind]; |
| 60 | |
| 61 | if (!keydest) |
| 62 | print_usage("Missing dtb file to update"); |
| 63 | } |
| 64 | |
| 65 | static void reset_info(struct image_sign_info *info) |
| 66 | { |
| 67 | if (!info) |
| 68 | fprintf(stderr, "Error: info is NULL in %s\n", __func__); |
| 69 | |
| 70 | memset(info, 0, sizeof(struct image_sign_info)); |
| 71 | |
| 72 | info->keydir = keydir; |
| 73 | info->keyname = keyname; |
| 74 | info->name = algo_name; |
| 75 | info->require_keys = require_keys; |
| 76 | info->crypto = image_get_crypto_algo(algo_name); |
| 77 | |
| 78 | if (!info->crypto) { |
| 79 | fprintf(stderr, "Unsupported signature algorithm '%s'\n", |
| 80 | algo_name); |
| 81 | exit(EXIT_FAILURE); |
| 82 | } |
| 83 | } |
| 84 | |
| 85 | static int add_pubkey(struct image_sign_info *info) |
| 86 | { |
| 87 | int destfd = -1, ret; |
| 88 | void *dest_blob = NULL; |
| 89 | struct stat dest_sbuf; |
| 90 | size_t size_inc = 0; |
| 91 | |
| 92 | if (!info) |
| 93 | fprintf(stderr, "Error: info is NULL in %s\n", __func__); |
| 94 | |
| 95 | do { |
| 96 | if (destfd >= 0) { |
| 97 | munmap(dest_blob, dest_sbuf.st_size); |
| 98 | close(destfd); |
| 99 | |
| 100 | fprintf(stderr, ".dtb too small, increasing size by 1024 bytes\n"); |
| 101 | size_inc = 1024; |
| 102 | } |
| 103 | |
| 104 | destfd = mmap_fdt(cmdname, keydest, size_inc, &dest_blob, |
| 105 | &dest_sbuf, false, false); |
| 106 | if (destfd < 0) |
| 107 | exit(EXIT_FAILURE); |
| 108 | |
| 109 | ret = info->crypto->add_verify_data(info, dest_blob); |
| 110 | if (ret == -ENOSPC) |
| 111 | continue; |
| 112 | else if (ret < 0) |
| 113 | break; |
| 114 | } while (ret == -ENOSPC); |
| 115 | |
| 116 | return ret; |
| 117 | } |
| 118 | |
| 119 | int main(int argc, char *argv[]) |
| 120 | { |
| 121 | struct image_sign_info info; |
| 122 | int ret; |
| 123 | |
| 124 | cmdname = argv[0]; |
| 125 | |
| 126 | process_args(argc, argv); |
| 127 | reset_info(&info); |
| 128 | ret = add_pubkey(&info); |
| 129 | |
| 130 | if (ret < 0) { |
| 131 | fprintf(stderr, "%s: Cannot add public key to FIT blob: %s\n", |
| 132 | cmdname, strerror(ret)); |
| 133 | exit(EXIT_FAILURE); |
| 134 | } |
| 135 | |
| 136 | exit(EXIT_SUCCESS); |
| 137 | } |
| 138 | |