From 5c643db4cc95c6ac6457731cb5bb75d6896e415b Mon Sep 17 00:00:00 2001 From: Jun Nie Date: Tue, 27 Feb 2018 16:55:58 +0800 Subject: [PATCH] SPL: Add signature verification when loading image U-boot proper signature is not verified by SPL on most platforms even config SPL_FIT_SIGNATURE is enabled. Only fsl-layerscape platform support secure boot in platform specific code. So verified boot cannot be achieved if u-boot proper is loaded by SPL. This patch add signature verification to u-boot proper images when loading FIT image in SPL. It is tested on Allwinner bananapi zero board with H2+ SoC. Signed-off-by: Jun Nie --- common/image-fit.c | 56 +++++++++++++++++++++++++++----------------- common/spl/spl_fit.c | 12 ++++++++++ include/image.h | 2 ++ 3 files changed, 48 insertions(+), 22 deletions(-) diff --git a/common/image-fit.c b/common/image-fit.c index f6e956ad96..4b03390454 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1068,34 +1068,14 @@ static int fit_image_check_hash(const void *fit, int noffset, const void *data, return 0; } -/** - * fit_image_verify - verify data integrity - * @fit: pointer to the FIT format image header - * @image_noffset: component image node offset - * - * fit_image_verify() goes over component image hash nodes, - * re-calculates each data hash and compares with the value stored in hash - * node. - * - * returns: - * 1, if all hashes are valid - * 0, otherwise (or on error) - */ -int fit_image_verify(const void *fit, int image_noffset) +int fit_image_verify_with_data(const void *fit, int image_noffset, + const void *data, size_t size) { - const void *data; - size_t size; int noffset = 0; char *err_msg = ""; int verify_all = 1; int ret; - /* Get image data and data length */ - if (fit_image_get_data(fit, image_noffset, &data, &size)) { - err_msg = "Can't get image data/size"; - goto error; - } - /* Verify all required signatures */ if (IMAGE_ENABLE_VERIFY && fit_image_verify_required_sigs(fit, image_noffset, data, size, @@ -1152,6 +1132,38 @@ error: return 0; } +/** + * fit_image_verify - verify data integrity + * @fit: pointer to the FIT format image header + * @image_noffset: component image node offset + * + * fit_image_verify() goes over component image hash nodes, + * re-calculates each data hash and compares with the value stored in hash + * node. + * + * returns: + * 1, if all hashes are valid + * 0, otherwise (or on error) + */ +int fit_image_verify(const void *fit, int image_noffset) +{ + const void *data; + size_t size; + int noffset = 0; + char *err_msg = ""; + + /* Get image data and data length */ + if (fit_image_get_data(fit, image_noffset, &data, &size)) { + err_msg = "Can't get image data/size"; + printf("error!\n%s for '%s' hash node in '%s' image node\n", + err_msg, fit_get_name(fit, noffset, NULL), + fit_get_name(fit, image_noffset, NULL)); + return 0; + } + + return fit_image_verify_with_data(fit, image_noffset, data, size); +} + /** * fit_all_image_verify - verify data integrity for all images * @fit: pointer to the FIT format image header diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index b705d030e7..be92ca4b4f 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -174,6 +174,9 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector, uint8_t image_comp = -1, type = -1; const void *data; bool external_data = false; +#ifdef CONFIG_SPL_FIT_SIGNATURE + int ret; +#endif if (IS_ENABLED(CONFIG_SPL_OS_BOOT) && IS_ENABLED(CONFIG_SPL_GZIP)) { if (fit_image_get_comp(fit, node, &image_comp)) @@ -252,7 +255,16 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector, image_info->entry_point = fdt_getprop_u32(fit, node, "entry"); } +#ifdef CONFIG_SPL_FIT_SIGNATURE + printf("## Checking hash(es) for Image %s ...\n", + fit_get_name(fit, node, NULL)); + ret = fit_image_verify_with_data(fit, node, + (const void *)load_addr, length); + printf("\n"); + return !ret; +#else return 0; +#endif } static int spl_fit_append_fdt(struct spl_image_info *spl_image, diff --git a/include/image.h b/include/image.h index dbdaecbfdd..88e17fc91e 100644 --- a/include/image.h +++ b/include/image.h @@ -1013,6 +1013,8 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, const char *engine_id); +int fit_image_verify_with_data(const void *fit, int image_noffset, + const void *data, size_t size); int fit_image_verify(const void *fit, int noffset); int fit_config_verify(const void *fit, int conf_noffset); int fit_all_image_verify(const void *fit); -- 2.39.5