Hi Heiko,
On 24 January 2014 23:44, Heiko Schocher <h...@denx.de> wrote:
> check if a fdt is correct signed
> pass an optional addr value. Contains the addr of the key blob
>
> Signed-off-by: Heiko Schocher <h...@denx.de>
> Cc: Simon Glass <s...@chromium.org>
> ---
> common/cmd_fdt.c | 38 +++++++++++++++++++++++++++++++++++++-
> 1 file changed, 37 insertions(+), 1 deletion(-)
>
> diff --git a/common/cmd_fdt.c b/common/cmd_fdt.c
> index 3a9edd6..b8468ea 100644
> --- a/common/cmd_fdt.c
> +++ b/common/cmd_fdt.c
> @@ -243,7 +243,7 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc,
> char * const argv[])
> /*
> * Set the value of a property in the working_fdt.
> */
> - } else if (argv[1][0] == 's') {
> + } else if (strncmp(argv[1], "se", 2) == 0) {
> char *pathp; /* path */
> char *prop; /* property */
> int nodeoffset; /* node offset from libfdt */
> @@ -283,6 +283,37 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc,
> char * const argv[])
> return 1;
> }
>
> +#if defined(CONFIG_FIT_SIGNATURE)
> + } else if (strncmp(argv[1], "si", 2) == 0) {
> + int cfg_noffset;
> + int ret;
> + unsigned long addr;
> + struct fdt_header *blob;
> +
> + if (!working_fdt)
> + return CMD_RET_FAILURE;
> +
> + if (argc > 2) {
> + addr = simple_strtoul(argv[2], NULL, 16);
> + blob = map_sysmem(addr, 0);
> + } else {
> + blob = (struct fdt_header *)gd->fdt_blob;
> + }
> + if (!fdt_valid(&blob))
> + return 1;
> +
> + gd->fdt_blob = blob;
> + cfg_noffset = fit_conf_get_node(working_fdt, NULL);
> + if (!cfg_noffset)
> + return CMD_RET_FAILURE;
May need to print an error here, since otherwise it won't be clear
what went wrong.
> +
> + ret = fit_config_verify(working_fdt, cfg_noffset);
> + if (ret == 1)
> + return CMD_RET_SUCCESS;
> + else
> + return CMD_RET_FAILURE;
> +#endif
> +
> /********************************************************************
> * Get the value of a property in the working_fdt.
> ********************************************************************/
> @@ -992,6 +1023,11 @@ static char fdt_help_text[] =
> "fdt rsvmem delete <index> - Delete a mem reserves\n"
> "fdt chosen [<start> <end>] - Add/update the /chosen branch
> in the tree\n"
> " <start>/<end> - initrd
> start/end addr\n"
> +#if defined(CONFIG_FIT_SIGNATURE)
> + "fdt sign [<addr>] - check FIT signature\n"
How about checksig instead of sign? 'sign' sounds like you are going to sign it.
> + " <start> - addr of key blob\n"
> + " default
> gd->fdt_blob\n"
> +#endif
> "NOTE: Dereference aliases by omiting the leading '/', "
> "e.g. fdt print ethernet0.";
> #endif
> --
> 1.8.3.1
>
Regards,
Simon
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
