u-boot/tools/fit_check_sign.c
Luca Boccassi 7d57485a8a tools: use read-only mmap in fit_check_sign
Add an option to open files in read-only mode in mmap_fdt so
that fit_check_sign can be used to inspect files on read-only
filesystems.
For example, this is useful when a key is shipped in a read-only
rootfs or squashfs.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
2019-05-18 12:32:02 -04:00

97 lines
2.0 KiB
C

// SPDX-License-Identifier: GPL-2.0+
/*
* (C) Copyright 2014
* DENX Software Engineering
* Heiko Schocher <hs@denx.de>
*
* Based on:
* (C) Copyright 2008 Semihalf
*
* (C) Copyright 2000-2004
* DENX Software Engineering
* Wolfgang Denk, wd@denx.de
*
* Updated-by: Prafulla Wadaskar <prafulla@marvell.com>
* FIT image specific code abstracted from mkimage.c
* some functions added to address abstraction
*
* All rights reserved.
*/
#include "mkimage.h"
#include "fit_common.h"
#include <image.h>
#include <u-boot/crc.h>
void usage(char *cmdname)
{
fprintf(stderr, "Usage: %s -f fit file -k key file\n"
" -f ==> set fit file which should be checked'\n"
" -k ==> set key file which contains the key'\n",
cmdname);
exit(EXIT_FAILURE);
}
int main(int argc, char **argv)
{
int ffd = -1;
int kfd = -1;
struct stat fsbuf;
struct stat ksbuf;
void *fit_blob;
char *fdtfile = NULL;
char *keyfile = NULL;
char cmdname[256];
int ret;
void *key_blob;
int c;
strncpy(cmdname, *argv, sizeof(cmdname) - 1);
cmdname[sizeof(cmdname) - 1] = '\0';
while ((c = getopt(argc, argv, "f:k:")) != -1)
switch (c) {
case 'f':
fdtfile = optarg;
break;
case 'k':
keyfile = optarg;
break;
default:
usage(cmdname);
break;
}
if (!fdtfile) {
fprintf(stderr, "%s: Missing fdt file\n", *argv);
usage(*argv);
}
if (!keyfile) {
fprintf(stderr, "%s: Missing key file\n", *argv);
usage(*argv);
}
ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false, true);
if (ffd < 0)
return EXIT_FAILURE;
kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false, true);
if (kfd < 0)
return EXIT_FAILURE;
image_set_host_blob(key_blob);
ret = fit_check_sign(fit_blob, key_blob);
if (!ret) {
ret = EXIT_SUCCESS;
fprintf(stderr, "Signature check OK\n");
} else {
ret = EXIT_FAILURE;
fprintf(stderr, "Signature check Bad (error %d)\n", ret);
}
(void) munmap((void *)fit_blob, fsbuf.st_size);
(void) munmap((void *)key_blob, ksbuf.st_size);
close(ffd);
close(kfd);
exit(ret);
}