tools: mkimage: Show where signatures/keys are written

At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.

Sample:

   Signature written to 'sha1-basic/test.fit',
       node '/configurations/conf-1/signature'
   Public key written to 'sha1-basic/sandbox-u-boot.dtb',
       node '/signature/key-dev'

Signed-off-by: Simon Glass <sjg@chromium.org>

diff --git a/include/image.h b/include/image.h
index cf38aecaa9bb143fe8d5d71f49f4499d65041748..97e5f2eb24d6c5222608bdb3de536c7a0d5003e7 100644 (file)
--- a/include/image.h
+++ b/include/image.h
@@ -1021,6 +1021,25 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
                    const char *comment, int require_keys,
                    const char *engine_id, const char *cmdname);
 
+#define NODE_MAX_NAME_LEN      80
+
+/**
+ * struct image_summary  - Provides information about signing info added
+ *
+ * @sig_offset: Offset of the node in the blob devicetree where the signature
+ *     was wriiten
+ * @sig_path: Path to @sig_offset
+ * @keydest_offset: Offset of the node in the keydest devicetree where the
+ *     public key was written (-1 if none)
+ * @keydest_path: Path to @keydest_offset
+ */
+struct image_summary {
+       int sig_offset;
+       char sig_path[NODE_MAX_NAME_LEN];
+       int keydest_offset;
+       char keydest_path[NODE_MAX_NAME_LEN];
+};
+
 /**
  * fit_add_verification_data() - add verification data to FIT image nodes
  *
@@ -1032,6 +1051,7 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
  * @engine_id: Engine to use for signing
  * @cmdname:   Command name used when reporting errors
  * @algo_name: Algorithm name, or NULL if to be read from FIT
+ * @summary:   Returns information about what data was written
  *
  * Adds hash values for all component images in the FIT blob.
  * Hashes are calculated for all component images which have hash subnodes
@@ -1046,7 +1066,8 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
 int fit_add_verification_data(const char *keydir, const char *keyfile,
                              void *keydest, void *fit, const char *comment,
                              int require_keys, const char *engine_id,
-                             const char *cmdname, const char *algo_name);
+                             const char *cmdname, const char *algo_name,
+                             struct image_summary *summary);
 
 /**
  * fit_image_verify_with_data() - Verify an image with given data

diff --git a/tools/fit_common.c b/tools/fit_common.c
index 5ea43f5fec87256e5af411eefeeee389199cef97..01649760ac00c65653eb58bbc6e253f0994de822 100644 (file)
--- a/tools/fit_common.c
+++ b/tools/fit_common.c
@@ -175,3 +175,16 @@ int copyfile(const char *src, const char *dst)
 
        return ret;
 }
+
+void summary_show(struct image_summary *summary, const char *imagefile,
+                 const char *keydest)
+{
+       if (summary->sig_offset) {
+               printf("Signature written to '%s', node '%s'\n", imagefile,
+                      summary->sig_path);
+               if (keydest) {
+                       printf("Public key written to '%s', node '%s'\n",
+                              keydest, summary->keydest_path);
+               }
+       }
+}

diff --git a/tools/fit_common.h b/tools/fit_common.h
index c600dc2ba48a1ef74a5a6ee3bbdad332a066255a..920a16acfdb2e4230a2ed7b7f723cbbf3fc206ea 100644 (file)
--- a/tools/fit_common.h
+++ b/tools/fit_common.h
@@ -52,4 +52,14 @@ int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
  */
 int copyfile(const char *src, const char *dst);
 
+/**
+ * summary_show() - Show summary information about the signing process
+ *
+ * @summary: Summary info to show
+ * @imagefile: Filename of the output image
+ * @keydest: Filename where the key information is written (NULL if none)
+ */
+void summary_show(struct image_summary *summary, const char *imagefile,
+                 const char *keydest);
+
 #endif /* _FIT_COMMON_H_ */

diff --git a/tools/fit_image.c b/tools/fit_image.c
index 0e31f7dca6e403f61a58a408f2c964f2e607a488..15f7c82d619320e4ed1653c4bc57bf3d03085ae2 100644 (file)
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -74,7 +74,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
                                                params->require_keys,
                                                params->engine_id,
                                                params->cmdname,
-                                               params->algo_name);
+                                               params->algo_name,
+                                               &params->summary);
        }
 
        if (dest_blob) {

diff --git a/tools/image-host.c b/tools/image-host.c
index 030d4eb89c45b06f0012d69adf8daa725799e15c..eaeb76545c6bc0165620c12caf04f686bdce2f90 100644 (file)
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -1071,7 +1071,8 @@ static int fit_config_process_sig(const char *keydir, const char *keyfile,
 static int fit_config_add_verification_data(const char *keydir,
                const char *keyfile, void *keydest, void *fit, int conf_noffset,
                const char *comment, int require_keys, const char *engine_id,
-               const char *cmdname, const char *algo_name)
+               const char *cmdname, const char *algo_name,
+               struct image_summary *summary)
 {
        const char *conf_name;
        int noffset;
@@ -1091,9 +1092,20 @@ static int fit_config_add_verification_data(const char *keydir,
                        ret = fit_config_process_sig(keydir, keyfile, keydest,
                                fit, conf_name, conf_noffset, noffset, comment,
                                require_keys, engine_id, cmdname, algo_name);
+                       if (ret < 0)
+                               return ret;
+
+                       summary->sig_offset = noffset;
+                       fdt_get_path(fit, noffset, summary->sig_path,
+                                    sizeof(summary->sig_path));
+
+                       if (keydest) {
+                               summary->keydest_offset = ret;
+                               fdt_get_path(keydest, ret,
+                                            summary->keydest_path,
+                                            sizeof(summary->keydest_path));
+                       }
                }
-               if (ret < 0)
-                       return ret;
        }
 
        return 0;
@@ -1137,7 +1149,8 @@ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
 int fit_add_verification_data(const char *keydir, const char *keyfile,
                              void *keydest, void *fit, const char *comment,
                              int require_keys, const char *engine_id,
-                             const char *cmdname, const char *algo_name)
+                             const char *cmdname, const char *algo_name,
+                             struct image_summary *summary)
 {
        int images_noffset, confs_noffset;
        int noffset;
@@ -1186,7 +1199,7 @@ int fit_add_verification_data(const char *keydir, const char *keyfile,
                                                       fit, noffset, comment,
                                                       require_keys,
                                                       engine_id, cmdname,
-                                                      algo_name);
+                                                      algo_name, summary);
                if (ret)
                        return ret;
        }

diff --git a/tools/imagetool.h b/tools/imagetool.h
index b7ac3a23d0ffb3cd623ab02eb052a448bb5cb1d6..413e97cbeb2f9a6445702e75ce61da396495bb80 100644 (file)
--- a/tools/imagetool.h
+++ b/tools/imagetool.h
@@ -21,6 +21,8 @@
 #include <unistd.h>
 #include <u-boot/sha1.h>
 
+#include <image.h>
+
 #include "fdt_host.h"
 
 #define ARRAY_SIZE(x)          (sizeof(x) / sizeof((x)[0]))
@@ -84,6 +86,7 @@ struct image_tool_params {
        int bl_len;             /* Block length in byte for external data */
        const char *engine_id;  /* Engine to use for signing */
        bool reset_timestamp;   /* Reset the timestamp on an existing image */
+       struct image_summary summary;   /* results of signing process */
 };
 
 /*

diff --git a/tools/mkimage.c b/tools/mkimage.c
index 0ec28da33cbea434789f0bf4103ec58807196179..c8f4ecd473d2b29d82cf9ce4f23c0ac925d25225 100644 (file)
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -10,6 +10,7 @@
 #include "imagetool.h"
 #include "mkimage.h"
 #include "imximage.h"
+#include <fit_common.h>
 #include <image.h>
 #include <version.h>
 #ifdef __linux__
@@ -472,6 +473,9 @@ int main(int argc, char **argv)
 
                (void) munmap((void *)ptr, sbuf.st_size);
                (void) close (ifd);
+               if (!retval)
+                       summary_show(&params.summary, params.imagefile,
+                                    params.keydest);
 
                exit (retval);
        }