[PATCH 02/13] boot_verify: use a new error ESECVIOLATION

Michael Olbrich m.olbrich at pengutronix.de
Sun Mar 26 00:59:00 PDT 2017


On Sun, Mar 26, 2017 at 04:44:53AM +0200, Jean-Christophe PLAGNIOL-VILLARD wrote:
> so we can indentify it correctly
> 
> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj at jcrosoft.com>
> ---
>  common/bootm.c              |  7 ++++---
>  common/efi/efi.c            |  2 +-
>  common/image-fit.c          | 12 ++++++------
>  include/asm-generic/errno.h |  1 +
>  4 files changed, 12 insertions(+), 10 deletions(-)
> 
> diff --git a/common/bootm.c b/common/bootm.c
> index 64c933b3c..53311ab1c 100644
> --- a/common/bootm.c
> +++ b/common/bootm.c
> @@ -541,9 +541,10 @@ int bootm_boot(struct bootm_data *bootm_data)
>  		data->oftree = NULL;
>  		data->oftree_file = NULL;
>  		data->initrd_file = NULL;
> -		if (os_type != filetype_oftree) {
> -			printf("Signed boot and image is no FIT image, aborting\n");
> -			ret = -EINVAL;
> +		if (!handler->is_secure_supported) {

is_secure_supported is introduced on the next patch, so this hunk belongs
into that patch.

Regards,
Michael

> +			printf("Signed boot and image %s does not support it",
> +				handler->name);
> +			ret = -ESECVIOLATION;
>  			goto err_out;
>  		}
>  	}
> diff --git a/common/efi/efi.c b/common/efi/efi.c
> index 05c58250f..19ee96411 100644
> --- a/common/efi/efi.c
> +++ b/common/efi/efi.c
> @@ -244,7 +244,7 @@ int efi_errno(efi_status_t err)
>  	case EFI_TFTP_ERROR: ret = EINVAL; break;
>  	case EFI_PROTOCOL_ERROR: ret = EPROTO; break;
>  	case EFI_INCOMPATIBLE_VERSION: ret = EINVAL; break;
> -	case EFI_SECURITY_VIOLATION: ret = EINVAL; break;
> +	case EFI_SECURITY_VIOLATION: ret = ESECVIOLATION; break;
>  	case EFI_CRC_ERROR: ret = EINVAL; break;
>  	case EFI_END_OF_MEDIA: ret = EINVAL; break;
>  	case EFI_END_OF_FILE: ret = EINVAL; break;
> diff --git a/common/image-fit.c b/common/image-fit.c
> index 5c014d66b..5750199c3 100644
> --- a/common/image-fit.c
> +++ b/common/image-fit.c
> @@ -353,23 +353,23 @@ static int fit_verify_hash(struct device_node *hash, const void *data, int data_
>  	value_read = of_get_property(hash, "value", &hash_len);
>  	if (!value_read) {
>  		pr_err("%s: \"value\" property not found\n", hash->full_name);
> -		return -EINVAL;
> +		return -ESECVIOLATION;
>  	}
>  
>  	if (of_property_read_string(hash, "algo", &algo)) {
>  		pr_err("%s: \"algo\" property not found\n", hash->full_name);
> -		return -EINVAL;
> +		return -ESECVIOLATION;
>  	}
>  
>  	d = digest_alloc(algo);
>  	if (!d) {
>  		pr_err("%s: unsupported algo %s\n", hash->full_name, algo);
> -		return -EINVAL;
> +		return -ESECVIOLATION;
>  	}
>  
>  	if (hash_len != digest_length(d)) {
>  		pr_err("%s: invalid hash length %d\n", hash->full_name, hash_len);
> -		ret = -EINVAL;
> +		ret = -ESECVIOLATION;
>  		goto err_digest_free;
>  	}
>  
> @@ -381,7 +381,7 @@ static int fit_verify_hash(struct device_node *hash, const void *data, int data_
>  
>  	if (memcmp(value_read, value_calc, hash_len)) {
>  		pr_info("%s: hash BAD\n", hash->full_name);
> -		ret =  -EBADMSG;
> +		ret =  -ESECVIOLATION;
>  	} else {
>  		pr_info("%s: hash OK\n", hash->full_name);
>  		ret = 0;
> @@ -431,7 +431,7 @@ static int fit_open_image(struct fit_handle *handle, const char *unit, const voi
>  		if (handle->verify == BOOTM_VERIFY_AVAILABLE)
>  			ret = 0;
>  		else
> -			ret = -EINVAL;
> +			ret = -ESECVIOLATION;
>  		for_each_child_of_node(image, hash) {
>  			if (handle->verbose)
>  				of_print_nodes(hash, 0);
> diff --git a/include/asm-generic/errno.h b/include/asm-generic/errno.h
> index 7d99a9537..45b2a2065 100644
> --- a/include/asm-generic/errno.h
> +++ b/include/asm-generic/errno.h
> @@ -133,6 +133,7 @@
>  #define	EKEYREJECTED	129	/* Key was rejected by service */
>  
>  /* Should never be seen by user programs */
> +#define ESECVIOLATION	511
>  #define ERESTARTSYS	512
>  #define ERESTARTNOINTR	513
>  #define ERESTARTNOHAND	514	/* restart if no handler.. */
> -- 
> 2.11.0
> 
> 
> _______________________________________________
> barebox mailing list
> barebox at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



More information about the barebox mailing list