fdt: add "fdt checksign" command
check if a fdt is correct signed
pass an optional addr value. Contains the addr of the key blob
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
diff --git a/common/cmd_fdt.c b/common/cmd_fdt.c
index 3a9edd6..a6744ed 100644
--- a/common/cmd_fdt.c
+++ b/common/cmd_fdt.c
@@ -570,7 +570,7 @@
ft_board_setup(working_fdt, gd->bd);
#endif
/* Create a chosen node */
- else if (argv[1][0] == 'c') {
+ else if (strncmp(argv[1], "cho", 3) == 0) {
unsigned long initrd_start = 0, initrd_end = 0;
if ((argc != 2) && (argc != 4))
@@ -583,6 +583,41 @@
fdt_chosen(working_fdt, 1);
fdt_initrd(working_fdt, initrd_start, initrd_end, 1);
+
+#if defined(CONFIG_FIT_SIGNATURE)
+ } else if (strncmp(argv[1], "che", 3) == 0) {
+ int cfg_noffset;
+ int ret;
+ unsigned long addr;
+ struct fdt_header *blob;
+
+ if (!working_fdt)
+ return CMD_RET_FAILURE;
+
+ if (argc > 2) {
+ addr = simple_strtoul(argv[2], NULL, 16);
+ blob = map_sysmem(addr, 0);
+ } else {
+ blob = (struct fdt_header *)gd->fdt_blob;
+ }
+ if (!fdt_valid(&blob))
+ return 1;
+
+ gd->fdt_blob = blob;
+ cfg_noffset = fit_conf_get_node(working_fdt, NULL);
+ if (!cfg_noffset) {
+ printf("Could not find configuration node: %s\n",
+ fdt_strerror(cfg_noffset));
+ return CMD_RET_FAILURE;
+ }
+
+ ret = fit_config_verify(working_fdt, cfg_noffset);
+ if (ret == 1)
+ return CMD_RET_SUCCESS;
+ else
+ return CMD_RET_FAILURE;
+#endif
+
}
/* resize the fdt */
else if (strncmp(argv[1], "re", 2) == 0) {
@@ -992,6 +1027,11 @@
"fdt rsvmem delete <index> - Delete a mem reserves\n"
"fdt chosen [<start> <end>] - Add/update the /chosen branch in the tree\n"
" <start>/<end> - initrd start/end addr\n"
+#if defined(CONFIG_FIT_SIGNATURE)
+ "fdt checksign [<addr>] - check FIT signature\n"
+ " <start> - addr of key blob\n"
+ " default gd->fdt_blob\n"
+#endif
"NOTE: Dereference aliases by omiting the leading '/', "
"e.g. fdt print ethernet0.";
#endif