SPL: Add signature verification when loading image
U-boot proper signature is not verified by SPL on most platforms
even config SPL_FIT_SIGNATURE is enabled. Only fsl-layerscape
platform support secure boot in platform specific code. So
verified boot cannot be achieved if u-boot proper is loaded by
SPL.
This patch add signature verification to u-boot proper images
when loading FIT image in SPL. It is tested on Allwinner bananapi
zero board with H2+ SoC.
Signed-off-by: Jun Nie <jun.nie@linaro.org>
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index b705d03..be92ca4 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -174,6 +174,9 @@
uint8_t image_comp = -1, type = -1;
const void *data;
bool external_data = false;
+#ifdef CONFIG_SPL_FIT_SIGNATURE
+ int ret;
+#endif
if (IS_ENABLED(CONFIG_SPL_OS_BOOT) && IS_ENABLED(CONFIG_SPL_GZIP)) {
if (fit_image_get_comp(fit, node, &image_comp))
@@ -252,7 +255,16 @@
image_info->entry_point = fdt_getprop_u32(fit, node, "entry");
}
+#ifdef CONFIG_SPL_FIT_SIGNATURE
+ printf("## Checking hash(es) for Image %s ...\n",
+ fit_get_name(fit, node, NULL));
+ ret = fit_image_verify_with_data(fit, node,
+ (const void *)load_addr, length);
+ printf("\n");
+ return !ret;
+#else
return 0;
+#endif
}
static int spl_fit_append_fdt(struct spl_image_info *spl_image,