From: Philippe Reynes <philippe.reynes@softathome.com>
Date: Thu, 29 Oct 2020 17:50:29 +0000 (+0100)
Subject: spl: spl_fit.c: enable check of signature for config node in spl/tpl
X-Git-Tag: v2025.01-rc5-pxa1908~2072^2~10^2~1
X-Git-Url: http://git.dujemihanovic.xyz/html/static/git-logo.png?a=commitdiff_plain;h=7d5b1bf6b84489cbbafd6dc679fdac2eda876c74;p=u-boot.git

spl: spl_fit.c: enable check of signature for config node in spl/tpl

This commit add the support of signature check for config node
in spl/tpl when the function spl_load_simple_fit is used.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---

diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index 6418062b93..2fbee4f19f 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -558,6 +558,16 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
 	if (spl_load_simple_fit_skip_processing())
 		return 0;
 
+	if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) {
+		int conf_offset = fit_find_config_node(fit);
+
+		printf("## Checking hash(es) for config %s ... ",
+		       fit_get_name(fit, conf_offset, NULL));
+		if (fit_config_verify(fit, conf_offset))
+			return -EPERM;
+		puts("OK\n");
+	}
+
 	/* find the node holding the images information */
 	images = fdt_path_offset(fit, FIT_IMAGES_PATH);
 	if (images < 0) {