@@ -1041,8 +1041,8 @@ int fit_image_verify(const void *fit, int image_noffset)
} else if (IMAGE_ENABLE_VERIFY && verify_all &&
!strncmp(name, FIT_SIG_NODENAME,
strlen(FIT_SIG_NODENAME))) {
- ret = fit_image_check_sig(fit, noffset, data,
- size, -1, &err_msg);
+ ret = fit_image_check_sig(fit, noffset, data, size,
+ gd_fdt_blob(), -1,&err_msg);
/*
* Show an indication on failure, but do not return
@@ -146,8 +146,8 @@ struct image_region *fit_region_make_list(const void *fit,
}
static int fit_image_setup_verify(struct image_sign_info *info,
- const void *fit, int noffset, int required_keynode,
- char **err_msgp)
+ const void *fit, int noffset, const void *sig_blob,
+ int required_keynode, char **err_msgp)
{
char *algo_name;
@@ -160,7 +160,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
info->fit = (void *)fit;
info->node_offset = noffset;
info->algo = image_get_sig_algo(algo_name);
- info->fdt_blob = gd_fdt_blob();
+ info->fdt_blob = sig_blob;
info->required_keynode = required_keynode;
printf("%s:%s", algo_name, info->keyname);
@@ -173,7 +173,8 @@ static int fit_image_setup_verify(struct image_sign_info *info,
}
int fit_image_check_sig(const void *fit, int noffset, const void *data,
- size_t size, int required_keynode, char **err_msgp)
+ size_t size, const void *sig_blob, int required_keynode,
+ char **err_msgp)
{
struct image_sign_info info;
struct image_region region;
@@ -181,8 +182,8 @@ int fit_image_check_sig(const void *fit, int noffset, const void *data,
int fit_value_len;
*err_msgp = NULL;
- if (fit_image_setup_verify(&info, fit, noffset, required_keynode,
- err_msgp))
+ if (fit_image_setup_verify(&info, fit, noffset, sig_blob,
+ required_keynode, err_msgp))
return -1;
if (fit_image_hash_get_value(fit, noffset, &fit_value,
@@ -218,7 +219,8 @@ static int fit_image_verify_sig(const void *fit, int image_noffset,
if (!strncmp(name, FIT_SIG_NODENAME,
strlen(FIT_SIG_NODENAME))) {
ret = fit_image_check_sig(fit, noffset, data,
- size, -1, &err_msg);
+ size, sig_blob, sig_offset,
+ &err_msg);
if (ret) {
puts("- ");
} else {
@@ -283,8 +285,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
return 0;
}
-int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
- char **err_msgp)
+int fit_config_check_sig(const void *fit, int noffset, const void *sig_blob,
+ int required_keynode, char **err_msgp)
{
char * const exc_prop[] = {"data"};
const char *prop, *end, *name;
@@ -299,10 +301,10 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(),
fit_get_name(fit, noffset, NULL),
- fit_get_name(gd_fdt_blob(), required_keynode, NULL));
+ fit_get_name(sig_blob, required_keynode, NULL));
*err_msgp = NULL;
- if (fit_image_setup_verify(&info, fit, noffset, required_keynode,
- err_msgp))
+ if (fit_image_setup_verify(&info, fit, noffset, sig_blob,
+ required_keynode, err_msgp))
return -1;
if (fit_image_hash_get_value(fit, noffset, &fit_value,
@@ -398,8 +400,8 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset,
if (!strncmp(name, FIT_SIG_NODENAME,
strlen(FIT_SIG_NODENAME))) {
- ret = fit_config_check_sig(fit, noffset, sig_offset,
- &err_msg);
+ ret = fit_config_check_sig(fit, noffset, sig_blob,
+ sig_offset, &err_msg);
if (ret) {
puts("- ");
} else {
@@ -783,6 +783,7 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
#define FIT_IMAGES_PATH "/images"
#define FIT_CONFS_PATH "/configurations"
+#define FIT_KEYS_PATH "/keys"
/* hash/signature node */
#define FIT_HASH_NODENAME "hash"
@@ -810,6 +811,10 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
#define FIT_DEFAULT_PROP "default"
#define FIT_SETUP_PROP "setup"
+/* key node */
+#define FIT_NOSIGN_PROP "no-resign"
+
#define FIT_MAX_HASH_LEN HASH_MAX_DIGEST_SIZE
#if IMAGE_ENABLE_FIT
@@ -1090,8 +1095,9 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
* @noffset: Offset of signature node to check
* @data: Image data to check
* @size: Size of image data
- * @required_keynode: Offset in the control FDT of the required key node,
- * if any. If this is given, then the image wil not
+ * @sig_blob: FDT to use as the key store
+ * @required_keynode: Offset in the key store of the required key node,
+ * if any. If this is given, then the image will not
* pass verification unless that key is used. If this is
* -1 then any signature will do.
* @err_msgp: In the event of an error, this will be pointed to a
@@ -1099,7 +1105,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
* @return 0 if all verified ok, <0 on error
*/
int fit_image_check_sig(const void *fit, int noffset, const void *data,
- size_t size, int required_keynode, char **err_msgp);
+ size_t size, const void *sig_blob, int required_keynode,
+ char **err_msgp);
/**
* fit_region_make_list() - Make a list of regions to hash
@@ -56,7 +56,7 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
return -EINVAL;
}
- debug("Checksum algorithm: %s", algo->name);
+ debug("Checksum algorithm: %s\n", algo->name);
/* Sanity check for stack size */
if (sig_len > RSA_MAX_SIG_BITS / 8) {
@@ -655,7 +655,7 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest,
int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
const char *comment, int require_keys)
{
- int images_noffset, confs_noffset;
+ int images_noffset, confs_noffset, keys_noffset;
int noffset;
int ret;
@@ -685,10 +685,29 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
if (!IMAGE_ENABLE_SIGN || !keydir)
return 0;
+ /**
+ * Inputs may request key signing.
+ * Signed keys are intended to extend the keystore used to verify
+ * images and configurations. They work similarly to images
+ * in that the key's data property includes the signed content.
+ */
+ keys_noffset = fdt_path_offset(fit, FIT_KEYS_PATH);
+ for (noffset = fdt_first_subnode(fit, keys_noffset);
+ noffset >= 0;
+ noffset = fdt_next_subnode(fit, noffset)) {
+ if (fdt_getprop(fit, noffset, FIT_NOSIGN_PROP, NULL) != NULL) {
+ /* Resigning keys should be cowardly avoided. */
+ continue;
+ }
+ ret = fit_image_add_verification_data(keydir, keydest,
+ fit, noffset, comment,
+ require_keys);
+ }
+
/* Find configurations parent node offset */
confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
if (confs_noffset < 0) {
- printf("Can't find images parent node '%s' (%s)\n",
+ printf("Can't find configurations parent node '%s' (%s)\n",
FIT_CONFS_PATH, fdt_strerror(confs_noffset));
return -ENOENT;
}