[PATCH 05/13] move boot verify to generic code

[Jean-Christophe PLAGNIOL-VILLARD]

so we can use it outside of bootm only

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj at jcrosoft.com>
---
 commands/bootm.c      |  6 +++---
 common/Kconfig        |  4 ++++
 common/Makefile       |  1 +
 common/boot_verify.c  | 35 +++++++++++++++++++++++++++++++++++
 common/bootm.c        | 29 +++--------------------------
 common/image-fit.c    | 14 +++++++-------
 common/uimage.c       |  2 +-
 include/boot_verify.h | 20 ++++++++++++++++++++
 include/bootm.h       | 14 +++-----------
 include/image-fit.h   |  4 ++--
 10 files changed, 79 insertions(+), 50 deletions(-)
 create mode 100644 common/boot_verify.c
 create mode 100644 include/boot_verify.h

diff --git a/commands/bootm.c b/commands/bootm.c
index c7cbdbe0f..b35aaa914 100644
--- a/commands/bootm.c
+++ b/commands/bootm.c
@@ -64,11 +64,11 @@ static int do_bootm(int argc, char *argv[])
 	while ((opt = getopt(argc, argv, BOOTM_OPTS)) > 0) {
 		switch(opt) {
 		case 'c':
-			if (data.verify < BOOTM_VERIFY_HASH)
-				data.verify = BOOTM_VERIFY_HASH;
+			if (data.verify < BOOT_VERIFY_HASH)
+				data.verify = BOOT_VERIFY_HASH;
 			break;
 		case 's':
-			data.verify = BOOTM_VERIFY_SIGNATURE;
+			data.verify = BOOT_VERIFY_SIGNATURE;
 			break;
 #ifdef CONFIG_BOOTM_INITRD
 		case 'L':
diff --git a/common/Kconfig b/common/Kconfig
index 895814ee9..00e98e859 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -24,6 +24,9 @@ config HAS_MODULES
 config HAS_SECURE_BOOT
 	bool
 
+config BOOT_VERIFY
+	bool
+
 config HAS_CACHE
 	bool
 	help
@@ -551,6 +554,7 @@ config TIMESTAMP
 
 menuconfig BOOTM
 	select UIMAGE
+	select BOOT_VERIFY
 	default y if COMMAND_SUPPORT
 	bool "bootm support"
 
diff --git a/common/Makefile b/common/Makefile
index 5f58c81d2..5d471a3a0 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -61,6 +61,7 @@ obj-$(CONFIG_UBIFORMAT)		+= ubiformat.o
 obj-$(CONFIG_BAREBOX_UPDATE_IMX_NAND_FCB) += imx-bbu-nand-fcb.o
 obj-$(CONFIG_CONSOLE_RATP)	+= ratp.o
 obj-$(CONFIG_BOOT)		+= boot.o
+obj-$(CONFIG_BOOT_VERIFY)	+= boot_verify.o
 
 quiet_cmd_pwd_h = PWDH    $@
 ifdef CONFIG_PASSWORD
diff --git a/common/boot_verify.c b/common/boot_verify.c
new file mode 100644
index 000000000..afe929e68
--- /dev/null
+++ b/common/boot_verify.c
@@ -0,0 +1,35 @@
+#include <common.h>
+#include <boot_verify.h>
+#include <globalvar.h>
+#include <magicvar.h>
+#include <init.h>
+
+static enum boot_verify boot_verify_mode = BOOT_VERIFY_HASH;
+
+enum boot_verify boot_get_verify_mode(void)
+{
+	return boot_verify_mode;
+}
+
+static const char * const boot_verify_names[] = {
+#ifndef CONFIG_BOOT_FORCE_SIGNED_IMAGES
+	[BOOT_VERIFY_NONE] = "none",
+	[BOOT_VERIFY_HASH] = "hash",
+	[BOOT_VERIFY_AVAILABLE] = "available",
+#endif
+	[BOOT_VERIFY_SIGNATURE] = "signature",
+};
+
+static int init_boot_verify(void)
+{
+	if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES))
+		boot_verify_mode = BOOT_VERIFY_SIGNATURE;
+
+	globalvar_add_simple_enum("boot.verify", (unsigned int *)&boot_verify_mode,
+				  boot_verify_names, ARRAY_SIZE(boot_verify_names));
+
+	return 0;
+}
+late_initcall(init_boot_verify);
+
+BAREBOX_MAGICVAR_NAMED(global_boot_verify, global.boot.verify, "boot default verify level");
diff --git a/common/bootm.c b/common/bootm.c
index 885b09f81..74202a829 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -69,27 +69,11 @@ void bootm_data_init_defaults(struct bootm_data *data)
 	getenv_ul("global.bootm.image.loadaddr", &data->os_address);
 	getenv_ul("global.bootm.initrd.loadaddr", &data->initrd_address);
 	data->initrd_file = getenv_nonempty("global.bootm.initrd");
-	data->verify = bootm_get_verify_mode();
+	data->verify = boot_get_verify_mode();
 	data->appendroot = bootm_appendroot;
 	data->verbose = bootm_verbosity;
 }
 
-static enum bootm_verify bootm_verify_mode = BOOTM_VERIFY_HASH;
-
-enum bootm_verify bootm_get_verify_mode(void)
-{
-	return bootm_verify_mode;
-}
-
-static const char * const bootm_verify_names[] = {
-#ifndef CONFIG_BOOT_FORCE_SIGNED_IMAGES
-	[BOOTM_VERIFY_NONE] = "none",
-	[BOOTM_VERIFY_HASH] = "hash",
-	[BOOTM_VERIFY_AVAILABLE] = "available",
-#endif
-	[BOOTM_VERIFY_SIGNATURE] = "signature",
-};
-
 static int uimage_part_num(const char *partname)
 {
 	if (!partname)
@@ -175,7 +159,7 @@ static int bootm_open_initrd_uimage(struct image_data *data)
 		if (!data->initrd)
 			return -EINVAL;
 
-		if (bootm_get_verify_mode() > BOOTM_VERIFY_NONE) {
+		if (boot_get_verify_mode() > BOOT_VERIFY_NONE) {
 			ret = uimage_verify(data->initrd);
 			if (ret) {
 				printf("Checking data crc failed with %s\n",
@@ -532,7 +516,7 @@ int bootm_boot(struct bootm_data *bootm_data)
 	}
 
 	if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES)) {
-		data->verify = BOOTM_VERIFY_SIGNATURE;
+		data->verify = BOOT_VERIFY_SIGNATURE;
 
 		/*
 		 * When we only allow booting signed images make sure everything
@@ -635,14 +619,8 @@ static int bootm_init(void)
 		globalvar_add_simple("bootm.initrd.loadaddr", NULL);
 	}
 
-	if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES))
-		bootm_verify_mode = BOOTM_VERIFY_SIGNATURE;
-
 	globalvar_add_simple_int("bootm.verbose", &bootm_verbosity, "%u");
 
-	globalvar_add_simple_enum("bootm.verify", (unsigned int *)&bootm_verify_mode,
-				  bootm_verify_names, ARRAY_SIZE(bootm_verify_names));
-
 	return 0;
 }
 late_initcall(bootm_init);
@@ -653,6 +631,5 @@ BAREBOX_MAGICVAR_NAMED(global_bootm_image_loadaddr, global.bootm.image.loadaddr,
 BAREBOX_MAGICVAR_NAMED(global_bootm_initrd, global.bootm.initrd, "bootm default initrd");
 BAREBOX_MAGICVAR_NAMED(global_bootm_initrd_loadaddr, global.bootm.initrd.loadaddr, "bootm default initrd loadaddr");
 BAREBOX_MAGICVAR_NAMED(global_bootm_oftree, global.bootm.oftree, "bootm default oftree");
-BAREBOX_MAGICVAR_NAMED(global_bootm_verify, global.bootm.verify, "bootm default verify level");
 BAREBOX_MAGICVAR_NAMED(global_bootm_verbose, global.bootm.verbose, "bootm default verbosity level (0=quiet)");
 BAREBOX_MAGICVAR_NAMED(global_bootm_appendroot, global.bootm.appendroot, "Add root= option to Kernel to mount rootfs from the device the Kernel comes from");
diff --git a/common/image-fit.c b/common/image-fit.c
index 7563eb955..53f3173fc 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -427,8 +427,8 @@ static int fit_open_image(struct fit_handle *handle, const char *unit, const voi
 		return -EINVAL;
 	}
 
-	if (handle->verify > BOOTM_VERIFY_NONE) {
-		if (handle->verify == BOOTM_VERIFY_AVAILABLE)
+	if (handle->verify > BOOT_VERIFY_NONE) {
+		if (handle->verify == BOOT_VERIFY_AVAILABLE)
 			ret = 0;
 		else
 			ret = -ESECVIOLATION;
@@ -461,13 +461,13 @@ static int fit_config_verify_signature(struct fit_handle *handle, struct device_
 		return 0;
 
 	switch (handle->verify) {
-	case BOOTM_VERIFY_NONE:
-	case BOOTM_VERIFY_HASH:
+	case BOOT_VERIFY_NONE:
+	case BOOT_VERIFY_HASH:
 		return 0;
-	case BOOTM_VERIFY_SIGNATURE:
+	case BOOT_VERIFY_SIGNATURE:
 		ret = -EINVAL;
 		break;
-	case BOOTM_VERIFY_AVAILABLE:
+	case BOOT_VERIFY_AVAILABLE:
 		ret = 0;
 		break;
 	}
@@ -542,7 +542,7 @@ static int fit_open_configuration(struct fit_handle *handle, const char *name)
 }
 
 struct fit_handle *fit_open(const char *filename, const char *config, bool verbose,
-			    enum bootm_verify verify)
+			    enum boot_verify verify)
 {
 	struct fit_handle *handle = NULL;
 	const char *desc = "(no description)";
diff --git a/common/uimage.c b/common/uimage.c
index 72c868882..d1947aa11 100644
--- a/common/uimage.c
+++ b/common/uimage.c
@@ -536,7 +536,7 @@ int uimage_bootm_open(struct image_data *data)
 	if (!data->os)
 		return -EINVAL;
 
-	if (bootm_get_verify_mode() > BOOTM_VERIFY_NONE) {
+	if (boot_get_verify_mode() > BOOT_VERIFY_NONE) {
 		ret = uimage_verify(data->os);
 		if (ret) {
 			printf("Checking data crc failed with %s\n",
diff --git a/include/boot_verify.h b/include/boot_verify.h
new file mode 100644
index 000000000..3a4436584
--- /dev/null
+++ b/include/boot_verify.h
@@ -0,0 +1,20 @@
+#ifndef __BOOT_VERIFY_H__
+#define __BOOT_VERIFY_H__
+
+enum boot_verify {
+	BOOT_VERIFY_NONE,
+	BOOT_VERIFY_HASH,
+	BOOT_VERIFY_AVAILABLE,
+	BOOT_VERIFY_SIGNATURE,
+};
+
+#ifndef CONFIG_BOOT_VERIFY
+static inline enum boot_verify boot_get_verify_mode(void)
+{
+	return BOOT_VERIFY_NONE;
+}
+#else
+enum boot_verify boot_get_verify_mode(void);
+#endif
+
+#endif /* __BOOT_VERIFY_H__ */
diff --git a/include/bootm.h b/include/bootm.h
index 27c9f571e..73b0c8294 100644
--- a/include/bootm.h
+++ b/include/bootm.h
@@ -3,21 +3,15 @@
 
 #include <image.h>
 #include <filetype.h>
+#include <boot_verify.h>
 #include <linux/list.h>
 
-enum bootm_verify {
-	BOOTM_VERIFY_NONE,
-	BOOTM_VERIFY_HASH,
-	BOOTM_VERIFY_SIGNATURE,
-	BOOTM_VERIFY_AVAILABLE,
-};
-
 struct bootm_data {
 	const char *os_file;
 	const char *initrd_file;
 	const char *oftree_file;
 	int verbose;
-	enum bootm_verify verify;
+	enum boot_verify verify;
 	bool force;
 	bool dryrun;
 	/*
@@ -77,7 +71,7 @@ struct image_data {
 	struct fdt_header *oftree;
 	struct resource *oftree_res;
 
-	enum bootm_verify verify;
+	enum boot_verify verify;
 	int verbose;
 	int force;
 	int dryrun;
@@ -120,8 +114,6 @@ int bootm_load_initrd(struct image_data *data, unsigned long load_address);
 int bootm_load_devicetree(struct image_data *data, unsigned long load_address);
 int bootm_get_os_size(struct image_data *data);
 
-enum bootm_verify bootm_get_verify_mode(void);
-
 #define UIMAGE_SOME_ADDRESS (UIMAGE_INVALID_ADDRESS - 1)
 
 #endif /* __BOOTM_H */
diff --git a/include/image-fit.h b/include/image-fit.h
index e817ebfae..bb69ce5af 100644
--- a/include/image-fit.h
+++ b/include/image-fit.h
@@ -26,7 +26,7 @@ struct fit_handle {
 	size_t size;
 
 	bool verbose;
-	enum bootm_verify verify;
+	enum boot_verify verify;
 
 	struct device_node *root;
 
@@ -40,7 +40,7 @@ struct fit_handle {
 
 int fit_bootm_open(struct image_data *data);
 struct fit_handle *fit_open(const char *filename, const char *config, bool verbose,
-			    enum bootm_verify verify);
+			    enum boot_verify verify);
 void fit_close(struct fit_handle *handle);
 
 #endif	/* __IMAGE_FIT_H__ */
-- 
2.11.0