From patchwork Fri Oct 27 06:04:20 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Masahiro Yamada <yamada.masahiro@socionext.com>
X-Patchwork-Id: 831105
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=nifty.com header.i=@nifty.com
	header.b="irJp246Z"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3yNYKl4HT3z9t2d
	for <incoming@patchwork.ozlabs.org>;
	Fri, 27 Oct 2017 17:06:35 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id 56067C21C34; Fri, 27 Oct 2017 06:06:25 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id AD45CC21CEC;
	Fri, 27 Oct 2017 06:05:25 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 51FB8C21C29; Fri, 27 Oct 2017 06:05:23 +0000 (UTC)
Received: from conuserg-07.nifty.com (conuserg-07.nifty.com [210.131.2.74])
	by lists.denx.de (Postfix) with ESMTPS id CAC96C21C34
	for <u-boot@lists.denx.de>; Fri, 27 Oct 2017 06:05:21 +0000 (UTC)
Received: from pug.e01.socionext.com (p14092-ipngnfx01kyoto.kyoto.ocn.ne.jp
	[153.142.97.92]) (authenticated)
	by conuserg-07.nifty.com with ESMTP id v9R64Ogu013972;
	Fri, 27 Oct 2017 15:04:24 +0900
DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-07.nifty.com v9R64Ogu013972
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com;
	s=dec2015msa; t=1509084264;
	bh=8ApH3odgDBE25fj2NnwdpMTfZ8of8LkRx3jVFZOhPU0=;
	h=From:To:Cc:Subject:Date:From;
	b=irJp246ZsbLO52bxmzXcr0AMRTbHlKbhdAvnE8qdgoqwh1Z9mZPvqlKQ/bX3ap0iw
	0YjjtbuXsWGg2vKj/4kebEwF3pNfL6UwVuaKivAOIeriYYpSUlQltGVpY3o3Z3uuF9
	rxvt2IrUMKkJwXpa9cHbx+YliTz9/Su6XNsZRi1eolCqx6czOPqy2grm/407oa/Rjc
	Qq8ReIbC78dp6IAV2MpCPkX2zeeWuITVgEUo1HU+RSpmYASxO4e902IrCOdmWzUF3l
	2xVC/PIO+jHxdQxqkmO7UIKrq9qvXgRNU/L0iXByxFJ6Ri06wFKBRR4PbfvdCJntP6
	/sXKhpjAHJwKg==
X-Nifty-SrcIP: [153.142.97.92]
From: Masahiro Yamada <yamada.masahiro@socionext.com>
To: u-boot@lists.denx.de
Date: Fri, 27 Oct 2017 15:04:20 +0900
Message-Id: <1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com>
X-Mailer: git-send-email 2.7.4
Cc: Tom Rini <trini@konsulko.com>
Subject: [U-Boot] [PATCH 1/2] tools: image: allow to sign image nodes
	without -K option
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

If -K option is missing when you sign image nodes, it fails with
an unclear error message:

  tools/mkimage Can't add hashes to FIT blob: -1

It is hard to figure out the cause of the failure.

In contrast, when you sign configuration nodes, -K is optional because
fit_config_process_sig() returns successfully if keydest is unset.
Probably this is a preferred behavior when you want to update FIT with
the same key; you do not have to update the public key in this case.

So, this commit changes fit_image_process_sig() to continue signing
without keydest.  If ->add_verify_data() fails, show a clearer error
message, which has been borrowed from fit_config_process_sig().

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
---

 tools/image-host.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/tools/image-host.c b/tools/image-host.c
index ad9a73a..d42c1ca 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -242,18 +242,19 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
 	/* Get keyname again, as FDT has changed and invalidated our pointer */
 	info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
 
-	if (keydest)
-		ret = info.crypto->add_verify_data(&info, keydest);
-	else
-		return -1;
-
 	/*
 	 * Write the public key into the supplied FDT file; this might fail
 	 * several times, since we try signing with successively increasing
 	 * size values
 	 */
-	if (keydest && ret)
-		return ret;
+	if (keydest) {
+		ret = info.crypto->add_verify_data(&info, keydest);
+		if (ret) {
+			printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
+			       node_name, image_name);
+			return ret;
+		}
+	}
 
 	return 0;
 }

From patchwork Fri Oct 27 06:04:21 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Masahiro Yamada <yamada.masahiro@socionext.com>
X-Patchwork-Id: 831104
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=nifty.com header.i=@nifty.com
	header.b="ojATF2tQ"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3yNYJf0X7hz9t2d
	for <incoming@patchwork.ozlabs.org>;
	Fri, 27 Oct 2017 17:05:36 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id C05F6C21DB5; Fri, 27 Oct 2017 06:05:27 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 086D4C21C34;
	Fri, 27 Oct 2017 06:05:25 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 47C25C21C46; Fri, 27 Oct 2017 06:05:23 +0000 (UTC)
Received: from conuserg-07.nifty.com (conuserg-07.nifty.com [210.131.2.74])
	by lists.denx.de (Postfix) with ESMTPS id AA394C21C29
	for <u-boot@lists.denx.de>; Fri, 27 Oct 2017 06:05:21 +0000 (UTC)
Received: from pug.e01.socionext.com (p14092-ipngnfx01kyoto.kyoto.ocn.ne.jp
	[153.142.97.92]) (authenticated)
	by conuserg-07.nifty.com with ESMTP id v9R64Ogv013972;
	Fri, 27 Oct 2017 15:04:25 +0900
DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-07.nifty.com v9R64Ogv013972
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com;
	s=dec2015msa; t=1509084265;
	bh=5crAyMSgKwDv8tk6vOxqBuvlhKts9hN25c8A32Agnm0=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=ojATF2tQeqHBSW4XttpO230mR8/yvEpQcj1LKFBZX5Wc/hIueVKDW3w2SVozVrsxf
	AtdUU0ImdEnAWNvFNY5KoDRKQYI9ecz13QJgLgWyPofWJa9ewhGC99qZTx3FkM7bRW
	lucnp3e5CeWyULMKeSQSfFfgrveYEJ4oXCwpsxFKdtRZPJGWe/EoKY5fJ5HEjv0dqO
	F/luUarpiYgMFEYFpk1t/HddzVbqvT/NtmpVdN0/Nn6Ld44YIR3aK714lQy374PtbN
	H6PWUjW9tGC6rTRv3j5lqF4CFImzZxvj1FCIExfp9hsJ5y++dmY0KJPlhOFzD85YG7
	BaJyatgT/jQ0w==
X-Nifty-SrcIP: [153.142.97.92]
From: Masahiro Yamada <yamada.masahiro@socionext.com>
To: u-boot@lists.denx.de
Date: Fri, 27 Oct 2017 15:04:21 +0900
Message-Id: <1509084261-16126-2-git-send-email-yamada.masahiro@socionext.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com>
References: <1509084261-16126-1-git-send-email-yamada.masahiro@socionext.com>
Cc: Tom Rini <trini@konsulko.com>
Subject: [U-Boot] [PATCH 2/2] tools: image: fix message when fail to add
	verification data for config
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

This function is called when signing configuration nodes.  Adjust
the error message.

I do not know why we do not need to show the error message in case of
ENOSPC.  Remove the if-conditional that seems unnecessary.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
---

 tools/image-host.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tools/image-host.c b/tools/image-host.c
index d42c1ca..2c0030b 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -626,10 +626,8 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
 	/* Write the public key into the supplied FDT file */
 	if (keydest) {
 		ret = info.crypto->add_verify_data(&info, keydest);
-		if (ret == -ENOSPC)
-			return -ENOSPC;
 		if (ret) {
-			printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
+			printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n",
 			       node_name, conf_name);
 		}
 		return ret;