Rather than verifying configuration signature of the configuration node
containing the kernel image types, verify all configuration nodes, even
those that do not contain kernel images. This is useful when the nodes
contain ie. standalone OSes or U-Boot.
Signed-off-by: Marek Vasut <ma...@denx.de>
Cc: Tom Rini <tr...@konsulko.com>
Cc: Pantelis Antoniou <pantelis.anton...@konsulko.com>
Cc: Simon Glass <s...@chromium.org>
---
common/image-fit.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/common/image-fit.c b/common/image-fit.c
index 728187ac88..8d39a243f8 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1838,24 +1838,26 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
BOOTSTAGE_SUB_NO_UNIT_NAME);
return -ENOENT;
}
+
fit_base_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
printf(" Using '%s' configuration\n", fit_base_uname_config);
- if (image_type == IH_TYPE_KERNEL) {
- /* Remember (and possibly verify) this config */
+ /* Remember this config */
+ if (image_type == IH_TYPE_KERNEL)
images->fit_uname_cfg = fit_base_uname_config;
- if (IMAGE_ENABLE_VERIFY && images->verify) {
- puts(" Verifying Hash Integrity ... ");
- if (fit_config_verify(fit, cfg_noffset)) {
- puts("Bad Data Hash\n");
- bootstage_error(bootstage_id +
- BOOTSTAGE_SUB_HASH);
- return -EACCES;
- }
- puts("OK\n");
+
+ if (IMAGE_ENABLE_VERIFY && images->verify) {
+ puts(" Verifying Hash Integrity ... ");
+ if (fit_config_verify(fit, cfg_noffset)) {
+ puts("Bad Data Hash\n");
+ bootstage_error(bootstage_id +
+ BOOTSTAGE_SUB_HASH);
+ return -EACCES;
}
- bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
+ puts("OK\n");
}
+ bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
+
noffset = fit_conf_get_prop_node(fit, cfg_noffset,
prop_name);
fit_uname = fit_get_name(fit, noffset, NULL);
--
2.16.2
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
