aboutsummaryrefslogtreecommitdiff
path: root/tools/fdt_add_pubkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'tools/fdt_add_pubkey.c')
-rw-r--r--tools/fdt_add_pubkey.c138
1 files changed, 138 insertions, 0 deletions
diff --git a/tools/fdt_add_pubkey.c b/tools/fdt_add_pubkey.c
new file mode 100644
index 00000000000..999f5a7e83b
--- /dev/null
+++ b/tools/fdt_add_pubkey.c
@@ -0,0 +1,138 @@
+// SPDX-License-Identifier: GPL-2.0+
+#include <image.h>
+#include "fit_common.h"
+
+static const char *cmdname;
+
+static const char *algo_name = "sha1,rsa2048"; /* -a <algo> */
+static const char *keydir = "."; /* -k <keydir> */
+static const char *keyname = "key"; /* -n <keyname> */
+static const char *require_keys; /* -r <conf|image> */
+static const char *keydest; /* argv[n] */
+
+static void print_usage(const char *msg)
+{
+ fprintf(stderr, "Error: %s\n", msg);
+ fprintf(stderr, "Usage: %s [-a <algo>] [-k <keydir>] [-n <keyname>] [-r <conf|image>]"
+ " <fdt blob>\n", cmdname);
+ fprintf(stderr, "Help information: %s [-h]\n", cmdname);
+ exit(EXIT_FAILURE);
+}
+
+static void print_help(void)
+{
+ fprintf(stderr, "Options:\n"
+ "\t-a <algo> Cryptographic algorithm. Optional parameter, default value: sha1,rsa2048\n"
+ "\t-k <keydir> Directory with public key. Optional parameter, default value: .\n"
+ "\t-n <keyname> Public key name. Optional parameter, default value: key\n"
+ "\t-r <conf|image> Required: If present this indicates that the key must be verified for the image / configuration to be considered valid.\n"
+ "\t<fdt blob> FDT blob file for adding of the public key. Required parameter.\n");
+ exit(EXIT_FAILURE);
+}
+
+static void process_args(int argc, char *argv[])
+{
+ int opt;
+
+ while ((opt = getopt(argc, argv, "a:k:n:r:h")) != -1) {
+ switch (opt) {
+ case 'k':
+ keydir = optarg;
+ break;
+ case 'a':
+ algo_name = optarg;
+ break;
+ case 'n':
+ keyname = optarg;
+ break;
+ case 'r':
+ require_keys = optarg;
+ break;
+ case 'h':
+ print_help();
+ default:
+ print_usage("Invalid option");
+ }
+ }
+ /* The last parameter is expected to be the .dtb to add the public key to */
+ if (optind < argc)
+ keydest = argv[optind];
+
+ if (!keydest)
+ print_usage("Missing dtb file to update");
+}
+
+static void reset_info(struct image_sign_info *info)
+{
+ if (!info)
+ fprintf(stderr, "Error: info is NULL in %s\n", __func__);
+
+ memset(info, 0, sizeof(struct image_sign_info));
+
+ info->keydir = keydir;
+ info->keyname = keyname;
+ info->name = algo_name;
+ info->require_keys = require_keys;
+ info->crypto = image_get_crypto_algo(algo_name);
+
+ if (!info->crypto) {
+ fprintf(stderr, "Unsupported signature algorithm '%s'\n",
+ algo_name);
+ exit(EXIT_FAILURE);
+ }
+}
+
+static int add_pubkey(struct image_sign_info *info)
+{
+ int destfd = -1, ret;
+ void *dest_blob = NULL;
+ struct stat dest_sbuf;
+ size_t size_inc = 0;
+
+ if (!info)
+ fprintf(stderr, "Error: info is NULL in %s\n", __func__);
+
+ do {
+ if (destfd >= 0) {
+ munmap(dest_blob, dest_sbuf.st_size);
+ close(destfd);
+
+ fprintf(stderr, ".dtb too small, increasing size by 1024 bytes\n");
+ size_inc = 1024;
+ }
+
+ destfd = mmap_fdt(cmdname, keydest, size_inc, &dest_blob,
+ &dest_sbuf, false, false);
+ if (destfd < 0)
+ exit(EXIT_FAILURE);
+
+ ret = info->crypto->add_verify_data(info, dest_blob);
+ if (ret == -ENOSPC)
+ continue;
+ else if (ret < 0)
+ break;
+ } while (ret == -ENOSPC);
+
+ return ret;
+}
+
+int main(int argc, char *argv[])
+{
+ struct image_sign_info info;
+ int ret;
+
+ cmdname = argv[0];
+
+ process_args(argc, argv);
+ reset_info(&info);
+ ret = add_pubkey(&info);
+
+ if (ret < 0) {
+ fprintf(stderr, "%s: Cannot add public key to FIT blob: %s\n",
+ cmdname, strerror(ret));
+ exit(EXIT_FAILURE);
+ }
+
+ exit(EXIT_SUCCESS);
+}
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 12:10:13 +0000