diff options
| author | Simon Glass <sjg@chromium.org> | 2021-11-12 12:28:10 -0700 |
|---|---|---|
| committer | Simon Glass <sjg@chromium.org> | 2022-01-26 08:50:44 -0700 |
| commit | 99f844ba3a6b3ddd73742cddf7dee955bbb96c61 (patch) | |
| tree | 27fbc1ca8b923dcfa06f090e6d0337993f0c9940 /include | |
| parent | 2ad90b395313a7350cfb0543b4979a24746413b3 (diff) | |
| download | u-boot-99f844ba3a6b3ddd73742cddf7dee955bbb96c61.tar.gz | |
tools: Pass the key blob around
At present we rely on the key blob being in the global_data fdt_blob
pointer. This is true in U-Boot but not with tools. For clarity, pass the
parameter around.
Signed-off-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/image.h | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/include/image.h b/include/image.h index 15cfb2c54b..780b624c8c 100644 --- a/include/image.h +++ b/include/image.h @@ -1048,8 +1048,19 @@ int fit_add_verification_data(const char *keydir, const char *keyfile, int require_keys, const char *engine_id, const char *cmdname, const char *algo_name); +/** + * fit_image_verify_with_data() - Verify an image with given data + * + * @fit: Pointer to the FIT format image header + * @image_offset: Offset in @fit of image to verify + * @key_blob: FDT containing public keys + * @data: Image data to verify + * @size: Size of image data + */ int fit_image_verify_with_data(const void *fit, int image_noffset, - const void *data, size_t size); + const void *key_blob, const void *data, + size_t size); + int fit_image_verify(const void *fit, int noffset); int fit_config_verify(const void *fit, int conf_noffset); int fit_all_image_verify(const void *fit); @@ -1297,7 +1308,7 @@ struct padding_algo *image_get_padding_algo(const char *name); * @image_noffset: Offset of image node to check * @data: Image data to check * @size: Size of image data - * @sig_blob: FDT containing public keys + * @key_blob: FDT containing public keys * @no_sigsp: Returns 1 if no signatures were required, and * therefore nothing was checked. The caller may wish * to fall back to other mechanisms, or refuse to @@ -1305,7 +1316,7 @@ struct padding_algo *image_get_padding_algo(const char *name); * Return: 0 if all verified ok, <0 on error */ int fit_image_verify_required_sigs(const void *fit, int image_noffset, - const char *data, size_t size, const void *sig_blob, + const char *data, size_t size, const void *key_blob, int *no_sigsp); /** @@ -1315,7 +1326,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, * @noffset: Offset of signature node to check * @data: Image data to check * @size: Size of image data - * @required_keynode: Offset in the control FDT of the required key node, + * @keyblob: Key blob to check (typically the control FDT) + * @required_keynode: Offset in the keyblob of the required key node, * if any. If this is given, then the image wil not * pass verification unless that key is used. If this is * -1 then any signature will do. @@ -1324,7 +1336,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, * Return: 0 if all verified ok, <0 on error */ int fit_image_check_sig(const void *fit, int noffset, const void *data, - size_t size, int required_keynode, char **err_msgp); + size_t size, const void *key_blob, int required_keynode, + char **err_msgp); int fit_image_decrypt_data(const void *fit, int image_noffset, int cipher_noffset, |