Add the command pre_load_verify, which checks the signature of
an image using the pre-load header. If the check
succeeds, the U-Boot env variable 'loadaddr_verified'
is set to the address of the image (without the header).

This allows commands such as:
tftp script.img && pre_load_verify $loadaddr && source $loadaddr_verified

Signed-off-by: Philippe Reynes <philippe.rey...@softathome.com>
---
 cmd/Kconfig                   |  8 ++++++
 cmd/Makefile                  |  2 ++
 cmd/pre-load-verify.c         | 53 +++++++++++++++++++++++++++++++++++
 doc/usage/pre-load-verify.rst | 44 +++++++++++++++++++++++++++++
 4 files changed, 107 insertions(+)
 create mode 100644 cmd/pre-load-verify.c
 create mode 100644 doc/usage/pre-load-verify.rst

diff --git a/cmd/Kconfig b/cmd/Kconfig
index 87aa3fb11a..9b235210e3 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -428,6 +428,14 @@ config CMD_THOR_DOWNLOAD
          There is no documentation about this within the U-Boot source code
          but you should be able to find something on the interwebs.
 
+config CMD_PRE_LOAD_VERIFY
+       bool "verify the global signature"
+       depends on IMAGE_PRE_LOAD
+       help
+         Verify the signature provided in a pre-load header of
+         a full image.
+          Documentation is available in doc/usage/pre-load-verify.txt
+
 config CMD_ZBOOT
        bool "zboot - x86 boot command"
        help
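Review bot: The help text of CMD_PRE_LOAD_VERIFY points to `doc/usage/pre-load-verify.txt`, but this patch creates `doc/usage/pre-load-verify.rst`, so the reference leads nowhere. The last help line should read `Documentation is available in doc/usage/pre-load-verify.rst` and carry the same indent as the two help lines above it (it is one column further in as posted). The prompt `"verify the global signature"` does not name the command; something like `bool "pre_load_verify - verify the signature in the pre-load header"` would match the neighbouring entries such as zboot.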
diff --git a/cmd/Makefile b/cmd/Makefile
index 166c652d98..29ee9b8fab 100644
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -188,6 +188,8 @@ obj-$(CONFIG_CMD_ETHSW) += ethsw.o
 obj-$(CONFIG_CMD_AXI) += axi.o
 obj-$(CONFIG_CMD_PVBLOCK) += pvblock.o
 
+obj-$(CONFIG_CMD_PRE_LOAD_VERIFY) += pre-load-verify.o
+
 # Power
 obj-$(CONFIG_CMD_PMIC) += pmic.o
 obj-$(CONFIG_CMD_REGULATOR) += regulator.o
diff --git a/cmd/pre-load-verify.c b/cmd/pre-load-verify.c
new file mode 100644
index 0000000000..c2c4e57d5f
--- /dev/null
+++ b/cmd/pre-load-verify.c
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2022 Philippe Reynes <philippe.rey...@softathome.com>
+ */
+
+#include <common.h>
+#include <env.h>
+#include <image.h>
+#include <mapmem.h>
+
+static ulong verify_get_addr(int argc, char *const argv[])
+{
+       ulong addr;
+
+       if (argc > 0)
+               addr = hextoul(argv[0], NULL);
+       else
+               addr = image_load_addr;
+
+       return addr;
+}
+
+static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc,
+                    char *const argv[])
+{
+       ulong addr = verify_get_addr(argc, argv);
+       int ret = 0;
+
+       argc--; argv++;
+
+       addr = verify_get_addr(argc, argv);
+
+       if (CONFIG_IS_ENABLED(IMAGE_PRE_LOAD)) {
+               ret = image_pre_load(addr);
+
+               if (ret) {
+                       ret = CMD_RET_FAILURE;
+                       goto out;
+               }
+
+               env_set_hex("loadaddr_verified", addr + image_load_offset);
+       }
+
+ out:
+       return ret;
+}
+
+U_BOOT_CMD(pre_load_verify, 2, 1, do_verify,
+          "verify the global signature provided in the pre-load header,\n",
+          "\tif the check succeed, the u-boot env variable loadaddr_verified\n"
+          "\tis set to the address of the image (without the header)"
+          "<image addr>"
+);
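Review bot: On the failure path of do_verify the variable `loadaddr_verified` is left untouched, so a value from an earlier successful run stays in the environment, and a script that reads it without chaining on the return code would use an address this invocation never verified. Clearing it before the check with `env_set("loadaddr_verified", NULL);` and treating a failed write as a failure, `if (env_set_hex("loadaddr_verified", addr + image_load_offset)) ret = CMD_RET_FAILURE;`, closes both gaps. The initialiser `ulong addr = verify_get_addr(argc, argv);` runs before `argc--; argv++;` and therefore parses the command name as hex; its result is overwritten two lines later, so the initialiser can simply be dropped. When `CONFIG_IS_ENABLED(IMAGE_PRE_LOAD)` is false the function returns 0 without verifying anything; returning `CMD_RET_FAILURE` there would be the safer default, although the Kconfig dependency presumably keeps that branch unreachable.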
diff --git a/doc/usage/pre-load-verify.rst b/doc/usage/pre-load-verify.rst
new file mode 100644
index 0000000000..7b833d079b
--- /dev/null
+++ b/doc/usage/pre-load-verify.rst
@@ -0,0 +1,44 @@
+.. SPDX-License-Identifier: GPL-2.0+
+
+pre-load-verify command
+=======================
+
+Synopsis
+--------
+
+::
+
+    pre_load_verify <addr>
+
+Description
+-----------
+
+The pre-load-verify command verify the signature of the binary at address addr
+using the pre-load header that should be at the beginning of the binary.
+
+addr
+    Address of the binary to verify
+
+
+Examples
+--------
+
+
+::
+
+    => pre_load_verify 100
+    INFO: signature check has succeed
+
+If succeed, the u-boot env variable loadaddr_verified is set to the address
+if the binary after the pre-load header
+
+::
+
+    => printenv loadaddr_verified
+    loadaddr_verified=1100
+
+
+Return value
+------------
+
+The return value $? is 0 is the signature check succeed, 1 otherwise
-- 
2.17.1
