tools: use read-only mmap in fit_check_sign
Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
This commit is contained in:
parent
26992928e8
commit
7d57485a8a
@ -70,10 +70,10 @@ int main(int argc, char **argv)
|
|||||||
usage(*argv);
|
usage(*argv);
|
||||||
}
|
}
|
||||||
|
|
||||||
ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false);
|
ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false, true);
|
||||||
if (ffd < 0)
|
if (ffd < 0)
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false);
|
kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false, true);
|
||||||
if (kfd < 0)
|
if (kfd < 0)
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
|
|
||||||
|
@ -41,13 +41,14 @@ int fit_check_image_types(uint8_t type)
|
|||||||
}
|
}
|
||||||
|
|
||||||
int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
|
int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
|
||||||
void **blobp, struct stat *sbuf, bool delete_on_error)
|
void **blobp, struct stat *sbuf, bool delete_on_error,
|
||||||
|
bool read_only)
|
||||||
{
|
{
|
||||||
void *ptr;
|
void *ptr;
|
||||||
int fd;
|
int fd;
|
||||||
|
|
||||||
/* Load FIT blob into memory (we need to write hashes/signatures) */
|
/* Load FIT blob into memory (we need to write hashes/signatures) */
|
||||||
fd = open(fname, O_RDWR | O_BINARY);
|
fd = open(fname, (read_only ? O_RDONLY : O_RDWR) | O_BINARY);
|
||||||
|
|
||||||
if (fd < 0) {
|
if (fd < 0) {
|
||||||
fprintf(stderr, "%s: Can't open %s: %s\n",
|
fprintf(stderr, "%s: Can't open %s: %s\n",
|
||||||
@ -71,7 +72,9 @@ int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
|
|||||||
}
|
}
|
||||||
|
|
||||||
errno = 0;
|
errno = 0;
|
||||||
ptr = mmap(0, sbuf->st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
|
ptr = mmap(0, sbuf->st_size,
|
||||||
|
(read_only ? PROT_READ : PROT_READ | PROT_WRITE), MAP_SHARED,
|
||||||
|
fd, 0);
|
||||||
if ((ptr == MAP_FAILED) || (errno != 0)) {
|
if ((ptr == MAP_FAILED) || (errno != 0)) {
|
||||||
fprintf(stderr, "%s: Can't read %s: %s\n",
|
fprintf(stderr, "%s: Can't read %s: %s\n",
|
||||||
cmdname, fname, strerror(errno));
|
cmdname, fname, strerror(errno));
|
||||||
|
@ -32,9 +32,11 @@ int fit_check_image_types(uint8_t type);
|
|||||||
* @blobp: Returns pointer to FDT blob
|
* @blobp: Returns pointer to FDT blob
|
||||||
* @sbuf: File status information is stored here
|
* @sbuf: File status information is stored here
|
||||||
* @delete_on_error: true to delete the file if we get an error
|
* @delete_on_error: true to delete the file if we get an error
|
||||||
|
* @read_only: true to open in read-only mode
|
||||||
* @return 0 if OK, -1 on error.
|
* @return 0 if OK, -1 on error.
|
||||||
*/
|
*/
|
||||||
int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
|
int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
|
||||||
void **blobp, struct stat *sbuf, bool delete_on_error);
|
void **blobp, struct stat *sbuf, bool delete_on_error,
|
||||||
|
bool read_only);
|
||||||
|
|
||||||
#endif /* _FIT_COMMON_H_ */
|
#endif /* _FIT_COMMON_H_ */
|
||||||
|
@ -33,7 +33,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
|
|||||||
void *ptr;
|
void *ptr;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
tfd = mmap_fdt(params->cmdname, tmpfile, size_inc, &ptr, &sbuf, true);
|
tfd = mmap_fdt(params->cmdname, tmpfile, size_inc, &ptr, &sbuf, true,
|
||||||
|
false);
|
||||||
if (tfd < 0)
|
if (tfd < 0)
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
@ -41,7 +42,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
|
|||||||
struct stat dest_sbuf;
|
struct stat dest_sbuf;
|
||||||
|
|
||||||
destfd = mmap_fdt(params->cmdname, params->keydest, size_inc,
|
destfd = mmap_fdt(params->cmdname, params->keydest, size_inc,
|
||||||
&dest_blob, &dest_sbuf, false);
|
&dest_blob, &dest_sbuf, false,
|
||||||
|
false);
|
||||||
if (destfd < 0) {
|
if (destfd < 0) {
|
||||||
ret = -EIO;
|
ret = -EIO;
|
||||||
goto err_keydest;
|
goto err_keydest;
|
||||||
@ -420,7 +422,7 @@ static int fit_extract_data(struct image_tool_params *params, const char *fname)
|
|||||||
int images;
|
int images;
|
||||||
int node;
|
int node;
|
||||||
|
|
||||||
fd = mmap_fdt(params->cmdname, fname, 0, &fdt, &sbuf, false);
|
fd = mmap_fdt(params->cmdname, fname, 0, &fdt, &sbuf, false, false);
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
return -EIO;
|
return -EIO;
|
||||||
fit_size = fdt_totalsize(fdt);
|
fit_size = fdt_totalsize(fdt);
|
||||||
@ -531,7 +533,7 @@ static int fit_import_data(struct image_tool_params *params, const char *fname)
|
|||||||
int images;
|
int images;
|
||||||
int node;
|
int node;
|
||||||
|
|
||||||
fd = mmap_fdt(params->cmdname, fname, 0, &old_fdt, &sbuf, false);
|
fd = mmap_fdt(params->cmdname, fname, 0, &old_fdt, &sbuf, false, false);
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
return -EIO;
|
return -EIO;
|
||||||
fit_size = fdt_totalsize(old_fdt);
|
fit_size = fdt_totalsize(old_fdt);
|
||||||
|
@ -80,7 +80,7 @@ int main(int argc, char **argv)
|
|||||||
fprintf(stderr, "%s: Missing property name\n", *argv);
|
fprintf(stderr, "%s: Missing property name\n", *argv);
|
||||||
usage(*argv);
|
usage(*argv);
|
||||||
}
|
}
|
||||||
ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false);
|
ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false, false);
|
||||||
|
|
||||||
if (ffd < 0) {
|
if (ffd < 0) {
|
||||||
printf("Could not open %s\n", fdtfile);
|
printf("Could not open %s\n", fdtfile);
|
||||||
|
Loading…
Reference in New Issue
Block a user