Hi,

On Wed, Apr 11, 2018 at 11:13:05PM +0800, Jun Nie wrote:
> It may be unnecessary to check signature on unlocked board.
> Get the hint from platform specific code to support secure boot
> and non-secure boot with the same binary, so that boot is not
> blocked if board is not locked and has no key for signature
> verification.
> 

Isn't it what the environment variable `verify` is made for?

i.e. setting verify=no will skip checks and boot an image even though it
isn't signed or hash/signature does not match.

I may be missing some context here, so please ignore if it's not what
you're after.

BTW, I saw that you were speaking of reading the lock fuse to decide
whether to check the signature or not. I'd like to have at least a
bypass option for this as it would be horribly tedious for
debugging/development purposes. E.g. I want to be able to boot from an
unverified U-Boot binary a signed (and checked) fitImage so that I can
validate everything works as it should before locking down the
bootloader.

Regards,
Quentin

> Signed-off-by: Jun Nie <jun....@linaro.org>
> ---
>  common/image-sig.c | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
> 
> diff --git a/common/image-sig.c b/common/image-sig.c
> index d9f712f..f3d1252 100644
> --- a/common/image-sig.c
> +++ b/common/image-sig.c
> @@ -151,6 +151,11 @@ struct image_region *fit_region_make_list(const void 
> *fit,
>       return region;
>  }
>  
> +int __attribute__((weak)) fit_board_skip_sig_verification(void)
> +{
> +     return 0;
> +}
> +
>  static int fit_image_setup_verify(struct image_sign_info *info,
>               const void *fit, int noffset, int required_keynode,
>               char **err_msgp)
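
Review bot: The new weak fit_board_skip_sig_verification() has no comment describing its contract and, going by the diffstat (only common/image-sig.c is touched), no prototype in any header. A board file that overrides it therefore has nothing to be type-checked against, and nothing on the page says that a non-zero return disables signature checking altogether. Please add a documented prototype to a shared header, stating what the return value means and that the default of 0 keeps verification on.
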
> @@ -188,6 +193,12 @@ int fit_image_check_sig(const void *fit, int noffset, 
> const void *data,
>       uint8_t *fit_value;
>       int fit_value_len;
>  
> +     /* Skip verification if board says that */
> +     if (fit_board_skip_sig_verification()) {
> +             printf("signature check skipped\n");
> +             return 0;
> +     }
> +
>       *err_msgp = NULL;
>       if (fit_image_setup_verify(&info, fit, noffset, required_keynode,
>                                  err_msgp))
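
Review bot: In fit_image_check_sig() the early `return 0;` sits above `*err_msgp = NULL;`, so on the skip path the caller's error-message pointer is never initialised and keeps whatever value it arrived with. Move the check below that assignment. The bare "signature check skipped" message also gives no indication of which image node was let through, so adding the node name would make the console log usable as a record of what booted unverified.
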
> @@ -438,6 +449,12 @@ int fit_config_verify_required_sigs(const void *fit, int 
> conf_noffset,
>       int noffset;
>       int sig_node;
>  
> +     /* Skip verification if board says that */
> +     if (fit_board_skip_sig_verification()) {
> +             printf("signature check skipped\n");
> +             return 0;
> +     }
> +
>       /* Work out what we need to verify */
>       sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME);
>       if (sig_node < 0) {
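
Review bot: This early return in fit_config_verify_required_sigs() comes before the "Work out what we need to verify" step, so any required-signature policy in sig_blob is never consulted once the board hook returns non-zero, and the only trace is a printf. Since that policy is what enforces verified boot, the bypass should at least be gated by a build-time option so that production images cannot reach it through a misbehaving hook. The five-line block is also an exact copy of the one added to fit_image_check_sig(); a single helper would keep the two paths from drifting apart.
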
> -- 
> 2.7.4
> 
> _______________________________________________
> U-Boot mailing list
> U-Boot@lists.denx.de
> https://lists.denx.de/listinfo/u-boot
