SHA512 checksum is a 512-bit (64-byte) hash value used to check that
the image contents have not been corrupted.
+config FIT_FULL_CHECK
+ bool "Do a full check of the FIT before using it"
+ default y
+ help
+ Enable this do a full check of the FIT to make sure it is valid. This
+ helps to protect against carefully crafted FITs which take advantage
+ of bugs or omissions in the code. This includes a bad structure,
+ multiple root nodes and the like.
+
config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages"
depends on DM
select RSA
select RSA_VERIFY
select IMAGE_SIGN_INFO
+ select FIT_FULL_CHECK
help
This option enables signature verification of FIT uImages,
using a hash signed and verified using RSA. If
help
Support printing the content of the fitImage in a verbose manner in SPL.
+config SPL_FIT_FULL_CHECK
+ bool "Do a full check of the FIT before using it"
+ help
+ Enable this do a full check of the FIT to make sure it is valid. This
+ helps to protect against carefully crafted FITs which take advantage
+ of bugs or omissions in the code. This includes a bad structure,
+ multiple root nodes and the like.
+
+
config SPL_FIT_SIGNATURE
bool "Enable signature verification of FIT firmware within SPL"
depends on SPL_DM
select SPL_RSA
select SPL_RSA_VERIFY
select SPL_IMAGE_SIGN_INFO
+ select SPL_FIT_FULL_CHECK
config SPL_LOAD_FIT
bool "Enable SPL loading U-Boot as a FIT (basic fitImage features)"
return -ENOEXEC;
}
+ if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) {
+ /*
+ * If we are not given the size, make do wtih calculating it.
+ * This is not as secure, so we should consider a flag to
+ * control this.
+ */
+ if (size == IMAGE_SIZE_INVAL)
+ size = fdt_totalsize(fit);
+ ret = fdt_check_full(fit, size);
+
+ if (ret) {
+ log_debug("FIT check error %d\n", ret);
+ return -EINVAL;
+ }
+ }
+
/* mandatory / node 'description' property */
if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) {
log_debug("Wrong FIT format: no description\n");