Commit 919f550d authored by Bartlomiej Sieka's avatar Bartlomiej Sieka Committed by Wolfgang Denk

FIT: add ability to check hashes of all images in FIT, improve output

- add function fit_all_image_check_hashes() that verifies if all
  hashes of all images in the FIT are valid
- improve output of fit_image_check_hashes() when the hash check fails
Signed-off-by: default avatarBartlomiej Sieka <tur@semihalf.com>
parent 1de1fa40
......@@ -2645,27 +2645,29 @@ int fit_image_check_hashes (const void *fit, int image_noffset)
continue;
if (fit_image_hash_get_algo (fit, noffset, &algo)) {
err_msg = "Can't get hash algo property";
err_msg = " error!\nCan't get hash algo "
"property";
goto error;
}
printf ("%s", algo);
if (fit_image_hash_get_value (fit, noffset, &fit_value,
&fit_value_len)) {
err_msg = "Can't get hash value property";
err_msg = " error!\nCan't get hash value "
"property";
goto error;
}
if (calculate_hash (data, size, algo, value, &value_len)) {
err_msg = "Unsupported hash algorithm";
err_msg = " error!\nUnsupported hash algorithm";
goto error;
}
if (value_len != fit_value_len) {
err_msg = "Bad hash value len";
err_msg = " error !\nBad hash value len";
goto error;
} else if (memcmp (value, fit_value, value_len) != 0) {
err_msg = "Bad hash value";
err_msg = " error!\nBad hash value";
goto error;
}
printf ("+ ");
......@@ -2681,6 +2683,55 @@ error:
return 0;
}
/**
* fit_all_image_check_hashes - verify data intergity for all images
* @fit: pointer to the FIT format image header
*
* fit_all_image_check_hashes() goes over all images in the FIT and
* for every images checks if all it's hashes are valid.
*
* returns:
* 1, if all hashes of all images are valid
* 0, otherwise (or on error)
*/
int fit_all_image_check_hashes (const void *fit)
{
int images_noffset;
int noffset;
int ndepth;
int count;
/* Find images parent node offset */
images_noffset = fdt_path_offset (fit, FIT_IMAGES_PATH);
if (images_noffset < 0) {
printf ("Can't find images parent node '%s' (%s)\n",
FIT_IMAGES_PATH, fdt_strerror (images_noffset));
return 0;
}
/* Process all image subnodes, check hashes for each */
printf ("## Checking hash(es) for FIT Image at %08lx ...\n",
(ulong)fit);
for (ndepth = 0, count = 0,
noffset = fdt_next_node (fit, images_noffset, &ndepth);
(noffset >= 0) && (ndepth > 0);
noffset = fdt_next_node (fit, noffset, &ndepth)) {
if (ndepth == 1) {
/*
* Direct child node of the images parent node,
* i.e. component image node.
*/
printf (" Hash(es) for Image %u (%s): ", count++,
fit_get_name (fit, noffset, NULL));
if (!fit_image_check_hashes (fit, noffset))
return 0;
printf ("\n");
}
}
return 1;
}
/**
* fit_image_check_os - check whether image node is of a given os type
* @fit: pointer to the FIT format image header
......
......@@ -574,6 +574,7 @@ int fit_image_hash_set_value (void *fit, int noffset, uint8_t *value,
int value_len);
int fit_image_check_hashes (const void *fit, int noffset);
int fit_all_image_check_hashes (const void *fit);
int fit_image_check_os (const void *fit, int noffset, uint8_t os);
int fit_image_check_arch (const void *fit, int noffset, uint8_t arch);
int fit_image_check_type (const void *fit, int noffset, uint8_t type);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment