Add the command pre_load_verify, which checks the signature of an image using its pre-load header. If the check succeeds, the u-boot env variable 'loadaddr_verified' is set to the address of the image (without the header).
It allows to run such commands: tftp script.img && pre_load_verify $loadaddr && source $loadaddr_verified Signed-off-by: Philippe Reynes <philippe.rey...@softathome.com> --- cmd/Kconfig | 8 ++++++ cmd/Makefile | 2 ++ cmd/pre-load-verify.c | 53 +++++++++++++++++++++++++++++++++++ doc/usage/pre-load-verify.rst | 44 +++++++++++++++++++++++++++++ 4 files changed, 107 insertions(+) create mode 100644 cmd/pre-load-verify.c create mode 100644 doc/usage/pre-load-verify.rst diff --git a/cmd/Kconfig b/cmd/Kconfig index 87aa3fb11a..9b235210e3 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -428,6 +428,14 @@ config CMD_THOR_DOWNLOAD There is no documentation about this within the U-Boot source code but you should be able to find something on the interwebs. +config CMD_PRE_LOAD_VERIFY + bool "verify the global signature" + depends on IMAGE_PRE_LOAD + help + Verify the signature provided in a pre-load header of + a full image. + Documentation is available in doc/usage/pre-load-verify.txt + config CMD_ZBOOT bool "zboot - x86 boot command" help diff --git a/cmd/Makefile b/cmd/Makefile index 166c652d98..29ee9b8fab 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -188,6 +188,8 @@ obj-$(CONFIG_CMD_ETHSW) += ethsw.o obj-$(CONFIG_CMD_AXI) += axi.o obj-$(CONFIG_CMD_PVBLOCK) += pvblock.o +obj-$(CONFIG_CMD_PRE_LOAD_VERIFY) += pre-load-verify.o + # Power obj-$(CONFIG_CMD_PMIC) += pmic.o obj-$(CONFIG_CMD_REGULATOR) += regulator.o diff --git a/cmd/pre-load-verify.c b/cmd/pre-load-verify.c new file mode 100644 index 0000000000..c2c4e57d5f --- /dev/null +++ b/cmd/pre-load-verify.c 
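Review bot: The help text for `CMD_PRE_LOAD_VERIFY` in cmd/Kconfig points to `doc/usage/pre-load-verify.txt`, but the file this patch creates is `doc/usage/pre-load-verify.rst`. The last help line should read `Documentation is available in doc/usage/pre-load-verify.rst`.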
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2022 Philippe Reynes <philippe.rey...@softathome.com>
+ */
+
+#include <common.h>
+#include <env.h>
+#include <image.h>
+#include <mapmem.h>
+
+static ulong verify_get_addr(int argc, char *const argv[])
+{
+ ulong addr;
+
+ if (argc > 0)
+ addr = hextoul(argv[0], NULL);
+ else
+ addr = image_load_addr;
+
+ return addr;
+}
+
+static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ ulong addr = verify_get_addr(argc, argv);
+ int ret = 0;
+
+ argc--; argv++;
+
+ addr = verify_get_addr(argc, argv);
+
+ if (CONFIG_IS_ENABLED(IMAGE_PRE_LOAD)) {
+ ret = image_pre_load(addr);
+
+ if (ret) {
+ ret = CMD_RET_FAILURE;
+ goto out;
+ }
+
+ env_set_hex("loadaddr_verified", addr + image_load_offset);
+ }
+
+ out:
+ return ret;
+}
+
+U_BOOT_CMD(pre_load_verify, 2, 1, do_verify,
+ "verify the global signature provided in the pre-load header,\n",
+ "\tif the check succeed, the u-boot env variable loadaddr_verified\n"
+ "\tis set to the address of the image (without the header)"
+ "<image addr>"
+);
diff --git a/doc/usage/pre-load-verify.rst b/doc/usage/pre-load-verify.rst
new file mode 100644
index 0000000000..7b833d079b
--- /dev/null
+++ b/doc/usage/pre-load-verify.rst
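Review bot: `do_verify` in cmd/pre-load-verify.c leaves `loadaddr_verified` untouched when `image_pre_load()` fails, so a value set by an earlier successful run survives a failed check and is still there for any script that does not chain the commands with `&&`. The function also returns 0 without verifying anything when `CONFIG_IS_ENABLED(IMAGE_PRE_LOAD)` is false (the Kconfig dependency makes that branch unlikely, but the default should still be failure), and it ignores the result of `env_set_hex()`. Clearing the variable before the check and returning `CMD_RET_FAILURE` on every path that did not both verify and publish the address covers all three. The first `verify_get_addr(argc, argv)` call, in the initialiser of `addr`, runs before `argc--; argv++` and so parses the command name; its result is overwritten and the call can be dropped.

```c
static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc,
		     char *const argv[])
{
	ulong addr;

	argc--; argv++;
	addr = verify_get_addr(argc, argv);

	/* Drop any address left behind by an earlier successful run. */
	env_set("loadaddr_verified", NULL);

	if (!CONFIG_IS_ENABLED(IMAGE_PRE_LOAD))
		return CMD_RET_FAILURE;

	if (image_pre_load(addr))
		return CMD_RET_FAILURE;

	/* Only report success once the verified address is published. */
	if (env_set_hex("loadaddr_verified", addr + image_load_offset))
		return CMD_RET_FAILURE;

	return CMD_RET_SUCCESS;
}
```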
@@ -0,0 +1,44 @@
+.. SPDX-License-Identifier: GPL-2.0+
+
+pre-load-verify command
+=======================
+
+Synopsis
+--------
+
+::
+
+ pre_load_verify <addr>
+
+Description
+-----------
+
+The pre-load-verify command verify the signature of the binary at address addr
+using the pre-load header that should be at the beginning of the binary.
+
+addr
+ Address of the binary to verify
+
+
+Examples
+--------
+
+
+::
+
+ => pre_load_verify 100
+ INFO: signature check has succeed
+
+If succeed, the u-boot env variable loadaddr_verified is set to the address
+if the binary after the pre-load header
+
+::
+
+ => printenv loadaddr_verified
+ loadaddr_verified=1100
+
+
+Return value
+------------
+
+The return value $? is 0 is the signature check succeed, 1 otherwise
-- 2.17.1