From 2ad90b395313a7350cfb0543b4979a24746413b3 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Fri, 12 Nov 2021 12:28:09 -0700 Subject: [PATCH] tools: Tidy up argument order in fit_config_check_sig() Put the parent node first in the parameters as this is more natural. Also add a comment to explain what is going on. Signed-off-by: Simon Glass --- boot/image-fit-sig.c | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c index e07bacb77a..d6e16c29ed 100644 --- a/boot/image-fit-sig.c +++ b/boot/image-fit-sig.c @@ -226,21 +226,34 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, /** * fit_config_check_sig() - Check the signature of a config * + * Here we are looking at a particular signature that needs verification (here + * signature-1): + * + * configurations { + * default = "conf-1"; + * conf-1 { + * kernel = "kernel-1"; + * fdt = "fdt-1"; + * signature-1 { + * algo = "sha1,rsa2048"; + * value = <...conf 1 signature...>; + * }; + * }; + * * @fit: FIT to check - * @noffset: Offset of configuration node (e.g. /configurations/conf-1) - * @required_keynode: Offset in the control FDT of the required key node, + * @noffset: Offset of the signature node being checked (e.g. + * /configurations/conf-1/signature-1) + * @conf_noffset: Offset of configuration node (e.g. /configurations/conf-1) + * @required_keynode: Offset in @key_blob of the required key node, * if any. If this is given, then the configuration wil not * pass verification unless that key is used. If this is * -1 then any signature will do. - * @conf_noffset: Offset of the configuration subnode being checked (e.g. - * /configurations/conf-1/kernel) * @err_msgp: In the event of an error, this will be pointed to a * help error string to display to the user. * Return: 0 if all verified ok, <0 on error */ -static int fit_config_check_sig(const void *fit, int noffset, - int required_keynode, int conf_noffset, - char **err_msgp) +static int fit_config_check_sig(const void *fit, int noffset, int conf_noffset, + int required_keynode, char **err_msgp) { static char * const exc_prop[] = { "data", @@ -409,8 +422,8 @@ static int fit_config_verify_key(const void *fit, int conf_noffset, if (!strncmp(name, FIT_SIG_NODENAME, strlen(FIT_SIG_NODENAME))) { - ret = fit_config_check_sig(fit, noffset, key_offset, - conf_noffset, &err_msg); + ret = fit_config_check_sig(fit, noffset, conf_noffset, + key_offset, &err_msg); if (ret) { puts("- "); } else { -- 2.39.5