tools, fit_check_sign: verify a signed fit image
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.
Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
diff --git a/include/fdt_support.h b/include/fdt_support.h
index 9871e2f..76c9b2e 100644
--- a/include/fdt_support.h
+++ b/include/fdt_support.h
@@ -115,4 +115,9 @@
}
#endif /* ifdef CONFIG_OF_LIBFDT */
+
+#ifdef USE_HOSTCC
+int fdtdec_get_int(const void *blob, int node, const char *prop_name,
+ int default_val);
+#endif
#endif /* ifndef __FDT_SUPPORT_H */
diff --git a/include/image.h b/include/image.h
index 540afaa..2508d7d 100644
--- a/include/image.h
+++ b/include/image.h
@@ -832,7 +832,7 @@
#if defined(CONFIG_FIT_SIGNATURE)
# ifdef USE_HOSTCC
# define IMAGE_ENABLE_SIGN 1
-# define IMAGE_ENABLE_VERIFY 0
+# define IMAGE_ENABLE_VERIFY 1
# include <openssl/evp.h>
#else
# define IMAGE_ENABLE_SIGN 0
@@ -844,7 +844,9 @@
#endif
#ifdef USE_HOSTCC
-# define gd_fdt_blob() NULL
+void *image_get_host_blob(void);
+void image_set_host_blob(void *host_blob);
+# define gd_fdt_blob() image_get_host_blob()
#else
# define gd_fdt_blob() (gd->fdt_blob)
#endif
@@ -881,14 +883,11 @@
const int checksum_len;
const int pad_len;
#if IMAGE_ENABLE_SIGN
- const EVP_MD *(*calculate)(void);
-#else
-#if IMAGE_ENABLE_VERIFY
+ const EVP_MD *(*calculate_sign)(void);
+#endif
void (*calculate)(const struct image_region region[],
int region_count, uint8_t *checksum);
const uint8_t *rsa_padding;
-#endif
-#endif
};
struct image_sig_algo {
@@ -1009,7 +1008,11 @@
static inline int fit_image_check_target_arch(const void *fdt, int node)
{
+#ifndef USE_HOSTCC
return fit_image_check_arch(fdt, node, IH_ARCH_DEFAULT);
+#else
+ return 0;
+#endif
}
#ifdef CONFIG_FIT_VERBOSE