Date: Mon, 13 Feb 2023 09:45:12 +0100
To: Ahmad Fatoum
Cc: barebox@lists.infradead.org
Message-ID: <20230213084512.GF10447@pengutronix.de>
References: <20230210165353.3601175-1-a.fatoum@pengutronix.de> <20230210165353.3601175-4-a.fatoum@pengutronix.de>
In-Reply-To: <20230210165353.3601175-4-a.fatoum@pengutronix.de>
From: Sascha Hauer
Subject: Re: [PATCH v2 4/4] boards: qemu-virt: support passing in FIT public key

On Fri, Feb 10, 2023 at 05:53:53PM +0100, Ahmad Fatoum wrote:
> FIT public key is usually passed in via board DT. Usual way to use
> barebox with QEMU Virt however is to use DT supplied by Qemu and apply
> overlay to it. mkimage doesn't generate overlay DTB though. To make
> barebox Qemu Virt behave like other boards, let's define a dummy DT
> that includes CONFIG_BOOTM_FITIMAGE_PUBKEY, which is merged with the
> barebox live device tree.
>
> Suggested-by: Jan Lübbe
> Signed-off-by: Ahmad Fatoum
> ---
> v1 -> v2:
> - no changes
> ---
> common/boards/qemu-virt/Makefile | 2 +-
> common/boards/qemu-virt/board.c | 7 ++++++-
> common/boards/qemu-virt/fitimage-pubkey.dts | 7 +++++++
> 3 files changed, 14 insertions(+), 2 deletions(-)
> create mode 100644 common/boards/qemu-virt/fitimage-pubkey.dts
>
> diff --git a/common/boards/qemu-virt/Makefile b/common/boards/qemu-virt/Makefile > index 88184e9a7969..00bfdfbda696 100644 > --- a/common/boards/qemu-virt/Makefile 
> +++ b/common/boards/qemu-virt/Makefile > @@ -1,7 +1,7 @@ > # SPDX-License-Identifier: GPL-2.0-only > > obj-y += board.o > -obj-y += overlay-of-flash.dtb.o > +obj-y += overlay-of-flash.dtb.o fitimage-pubkey.dtb.o > ifeq ($(CONFIG_RISCV),y) > DTC_CPP_FLAGS_overlay-of-flash.dtb := -DRISCV_VIRT=1 > endif > diff --git a/common/boards/qemu-virt/board.c b/common/boards/qemu-virt/board.c > index ec92ae94aec9..2669e9de5a2a 100644 > --- a/common/boards/qemu-virt/board.c > +++ b/common/boards/qemu-virt/board.c > @@ -35,10 +35,11 @@ static inline void arm_virt_init(void) {} > #endif > > extern char __dtb_overlay_of_flash_start[]; > +extern char __dtb_fitimage_pubkey_start[]; > > static int virt_probe(struct device *dev) > { > - struct device_node *overlay; > + struct device_node *overlay, *pubkey; > void (*init)(void); > > init = device_get_match_data(dev); > @@ -47,6 +48,10 @@ static int virt_probe(struct device *dev) > > overlay = of_unflatten_dtb(__dtb_overlay_of_flash_start, INT_MAX); > of_overlay_apply_tree(dev->of_node, overlay); > + > + pubkey = of_unflatten_dtb(__dtb_fitimage_pubkey_start, INT_MAX); > + of_merge_nodes(dev->of_node, pubkey); > + > /* of_probe() will happen later at of_populate_initcall */ > > return 0; > diff --git a/common/boards/qemu-virt/fitimage-pubkey.dts b/common/boards/qemu-virt/fitimage-pubkey.dts > new file mode 100644 > index 000000000000..497799fa4b60 > --- /dev/null > +++ b/common/boards/qemu-virt/fitimage-pubkey.dts 
> @@ -0,0 +1,7 @@ > +/dts-v1/; > + > +#ifdef CONFIG_BOOTM_FITIMAGE_PUBKEY > +#include CONFIG_BOOTM_FITIMAGE_PUBKEY > +#endif

I wonder if we've gone the wrong path here. Every board that wants to
put a key into the device tree needs this snippet. Instead of compiling
the dtsi containing the key into the barebox main device tree wouldn't
it be better to always create an extra dtb from the dtsi provided in
CONFIG_BOOTM_FITIMAGE_PUBKEY and apply something along the following?

What's missing is some Makefile magic to compile an extra dtb named
fitimage_pubkey from whatever name is provided in
CONFIG_BOOTM_FITIMAGE_PUBKEY, but that should be doable as well.

diff --git a/crypto/rsa.c b/crypto/rsa.c index fc21efdb6d..6939513db9 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -491,16 +491,13 @@ static struct rsa_public_key *rsa_key_dup(const struct rsa_public_key *key) extern const struct rsa_public_key * const __rsa_keys_start; extern const struct rsa_public_key * const __rsa_keys_end; -static void rsa_init_keys_of(void) +static void rsa_init_keys_of(struct device_node *root) { struct device_node *sigs, *sig; struct rsa_public_key *key; int ret; - if (!IS_ENABLED(CONFIG_OFTREE)) - return; - - sigs = of_find_node_by_path("/signature"); + sigs = of_find_node_by_path_from(root, "/signature"); if (!sigs) return; @@ -519,6 +516,26 @@ static void rsa_init_keys_of(void) } } +extern char __dtb_fitimage_pubkey_start[]; + +static void rsa_of_init_keys(void) +{ + struct device_node *root; + + if (!IS_ENABLED(CONFIG_OFTREE)) + return; + + root = of_get_root_node(); + if (root) + rsa_init_keys_of(root); + +#ifdef CONFIG_BOOTM_FITIMAGE_PUBKEY + root = of_unflatten_dtb(__dtb_fitimage_pubkey_start, INT_MAX); + if (root) + rsa_init_keys_of(root); +#endif +} + static int rsa_init_keys(void) { const struct rsa_public_key * const *iter; 
@@ -533,7 +550,7 @@ static int rsa_init_keys(void) key->key_name_hint, strerror(-ret)); } - rsa_init_keys_of(); + rsa_of_init_keys(); return 0; }

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
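
Review bot: the result of of_unflatten_dtb(__dtb_fitimage_pubkey_start, INT_MAX) goes straight into of_merge_nodes() without any check, in the virt_probe() hunk of the quoted common/boards/qemu-virt/board.c change. If the embedded key DTB fails to unflatten, the live tree ends up without the FIT public key and nothing is reported at probe time. Suggest validating the returned pointer before merging and logging a failure, so a missing verification key shows up when the board is probed rather than when a signed image is first booted. The overlay lines just above follow the same unchecked pattern and could be tightened in the same pass.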
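
Review bot: the `if (root)` test after of_unflatten_dtb() in the new rsa_of_init_keys() (crypto/rsa.c, hunk at -519,6 +516,26) only catches a NULL return. If of_unflatten_dtb() reports failure with an ERR_PTR value, that pointer passes the test and is handed to of_find_node_by_path_from() inside rsa_init_keys_of(); testing with IS_ERR() (or IS_ERR_OR_NULL()) would cover both cases. The tree unflattened from the built-in DTB is also not released after the keys have been read, and a failure to load the built-in key is silent; a warning on that path would make an absent verification key visible during init.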