From 919f550dc11a13abf01c6bc713c968de790b8d7c Mon Sep 17 00:00:00 2001 From: Bartlomiej Sieka Date: Tue, 9 Sep 2008 12:58:15 +0200 Subject: [PATCH] FIT: add ability to check hashes of all images in FIT, improve output - add function fit_all_image_check_hashes() that verifies if all hashes of all images in the FIT are valid - improve output of fit_image_check_hashes() when the hash check fails Signed-off-by: Bartlomiej Sieka --- common/image.c | 61 +++++++++++++++++++++++++++++++++++++++++++++---- include/image.h | 1 + 2 files changed, 57 insertions(+), 5 deletions(-) diff --git a/common/image.c b/common/image.c index b0119327b..f7e8606cc 100644 --- a/common/image.c +++ b/common/image.c @@ -2645,27 +2645,29 @@ int fit_image_check_hashes (const void *fit, int image_noffset) continue; if (fit_image_hash_get_algo (fit, noffset, &algo)) { - err_msg = "Can't get hash algo property"; + err_msg = " error!\nCan't get hash algo " + "property"; goto error; } printf ("%s", algo); if (fit_image_hash_get_value (fit, noffset, &fit_value, &fit_value_len)) { - err_msg = "Can't get hash value property"; + err_msg = " error!\nCan't get hash value " + "property"; goto error; } if (calculate_hash (data, size, algo, value, &value_len)) { - err_msg = "Unsupported hash algorithm"; + err_msg = " error!\nUnsupported hash algorithm"; goto error; } if (value_len != fit_value_len) { - err_msg = "Bad hash value len"; + err_msg = " error !\nBad hash value len"; goto error; } else if (memcmp (value, fit_value, value_len) != 0) { - err_msg = "Bad hash value"; + err_msg = " error!\nBad hash value"; goto error; } printf ("+ "); @@ -2681,6 +2683,55 @@ error: return 0; } +/** + * fit_all_image_check_hashes - verify data intergity for all images + * @fit: pointer to the FIT format image header + * + * fit_all_image_check_hashes() goes over all images in the FIT and + * for every images checks if all it's hashes are valid. + * + * returns: + * 1, if all hashes of all images are valid + * 0, otherwise (or on error) + */ +int fit_all_image_check_hashes (const void *fit) +{ + int images_noffset; + int noffset; + int ndepth; + int count; + + /* Find images parent node offset */ + images_noffset = fdt_path_offset (fit, FIT_IMAGES_PATH); + if (images_noffset < 0) { + printf ("Can't find images parent node '%s' (%s)\n", + FIT_IMAGES_PATH, fdt_strerror (images_noffset)); + return 0; + } + + /* Process all image subnodes, check hashes for each */ + printf ("## Checking hash(es) for FIT Image at %08lx ...\n", + (ulong)fit); + for (ndepth = 0, count = 0, + noffset = fdt_next_node (fit, images_noffset, &ndepth); + (noffset >= 0) && (ndepth > 0); + noffset = fdt_next_node (fit, noffset, &ndepth)) { + if (ndepth == 1) { + /* + * Direct child node of the images parent node, + * i.e. component image node. + */ + printf (" Hash(es) for Image %u (%s): ", count++, + fit_get_name (fit, noffset, NULL)); + + if (!fit_image_check_hashes (fit, noffset)) + return 0; + printf ("\n"); + } + } + return 1; +} + /** * fit_image_check_os - check whether image node is of a given os type * @fit: pointer to the FIT format image header diff --git a/include/image.h b/include/image.h index 46544858c..8c63686d4 100644 --- a/include/image.h +++ b/include/image.h @@ -574,6 +574,7 @@ int fit_image_hash_set_value (void *fit, int noffset, uint8_t *value, int value_len); int fit_image_check_hashes (const void *fit, int noffset); +int fit_all_image_check_hashes (const void *fit); int fit_image_check_os (const void *fit, int noffset, uint8_t os); int fit_image_check_arch (const void *fit, int noffset, uint8_t arch); int fit_image_check_type (const void *fit, int noffset, uint8_t type);