[PATCH] FIT: make RSA signature verification configurable

Marc Kleine-Budde mkl at pengutronix.de
Sun Jan 10 10:14:52 PST 2016 

On 01/08/2016 05:43 PM, Yegor Yefremov wrote:
> On Fri, Jan 8, 2016 at 5:11 PM, Marc Kleine-Budde <mkl at pengutronix.de> wrote:
>> On 01/08/2016 02:24 PM, yegorslists at googlemail.com wrote:
>>> From: Yegor Yefremov <yegorslists at googlemail.com>
>>>
>>> Signed-off-by: Yegor Yefremov <yegorslists at googlemail.com>

[...]

>>> diff --git a/common/image-fit.c b/common/image-fit.c
>>> index 296285b..96cc3e2 100644
>>> --- a/common/image-fit.c
>>> +++ b/common/image-fit.c
>>> @@ -40,6 +40,7 @@
>>>  #define CHECK_LEVEL_SIG 2
>>>  #define CHECK_LEVEL_MAX 3
>>>
>>> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
>>>  static uint32_t dt_struct_advance(struct fdt_header *f, uint32_t dt, int size)
>>
>> remove the ifdef.
> 
> What about compile warnings, i.e. function defined, but not used?

add __maybe_unused if needed.

> 
>>>  {
>>>       dt += size;
>>> @@ -342,6 +343,7 @@ static int fit_verify_signature(struct device_node *sig_node, void *fit)
>>>   out:
>>>       return ret;
>>>  }
>>> +#endif
>>>
>>>  static int fit_verify_hash(struct device_node *hash, const void *data, int data_len)
>>>  {
>>> @@ -453,10 +455,13 @@ static int fit_open_image(struct fit_handle *handle, const char* unit)
>>>
>>>  static int fit_open_configuration(struct fit_handle *handle, int num)
>>>  {
>>> -     struct device_node *conf_node = NULL, *sig_node;
>>> +     struct device_node *conf_node = NULL;
>>>       char unit_name[10];
>>>       const char *unit, *desc;
>>> -     int ret, level;
>>> +     int level;
>>> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
>>> +     struct device_node *sig_node;
>>> +#endif
>>
>> please remove the ifdef
>>
>>>
>>>       conf_node = of_get_child_by_name(handle->root, "configurations");
>>>       if (!conf_node)
>>> @@ -482,7 +487,10 @@ static int fit_open_configuration(struct fit_handle *handle, int num)
>>>       }
>>>
>>>       level = CHECK_LEVEL_MAX;
>>> +
>>> +#ifdef CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE
>>
>> please replace the ifdef by
>>
>> if (IS_ENABLED(CONFIG_CMD_BOOTM_FITIMAGE_SIGNATURE))
>>
>>>       for_each_child_of_node(conf_node, sig_node) {
>>> +             int ret;
>>>               if (handle->verbose)
>>>                       of_print_nodes(sig_node, 0);
>>>               ret = fit_verify_signature(sig_node, handle->fit);
>>> @@ -495,6 +503,9 @@ static int fit_open_configuration(struct fit_handle *handle, int num)
>>>
>>>       if (level != CHECK_LEVEL_SIG)
>>>               return -EINVAL;
>>> +#else
>>> +     level = CHECK_LEVEL_SIG;
>>> +#endif
>>>
>>>       if (of_property_read_string(conf_node, "kernel", &unit) == 0)
>>>               level = min(level, fit_open_image(handle, unit));
>>>
> 
> Will you include my patch in your patch series, if you'll send v3 or
> are you just going to squash my patch into your FIT patch?

I'll take your patch as a separate patch in my series.

Marc

-- 
Pengutronix e.K.                  | Marc Kleine-Budde           |
Industrial Linux Solutions        | Phone: +49-231-2826-924     |
Vertretung West/Dortmund          | Fax:   +49-5121-206917-5555 |
Amtsgericht Hildesheim, HRA 2686  | http://www.pengutronix.de   |

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/barebox/attachments/20160110/bd365913/attachment.sig>

More information about the barebox mailing list