From 9df69ba37f3dd3a3f02fc8c0ba41236960b6b771 Mon Sep 17 00:00:00 2001 From: dp-arm Date: Wed, 24 Aug 2016 13:21:08 +0100 Subject: [PATCH] fiptool: Add support for printing the sha256 digest with info command This feature allows one to quickly verify that the expected image is contained in the FIP without extracting the image and running sha256sum(1) on it. The sha256 digest is only shown when the verbose flag is used. This change requires libssl-dev to be installed in order to build Trusted Firmware. Previously, libssl-dev was optionally needed only to support Trusted Board Boot configurations. Fixes ARM-Software/tf-issues#124 Change-Id: Ifb1408d17f483d482bb270a589ee74add25ec5a6 --- docs/user-guide.md | 4 +--- tools/fiptool/Makefile | 3 ++- tools/fiptool/fiptool.c | 22 +++++++++++++++++++--- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/docs/user-guide.md b/docs/user-guide.md index a6959b14..d545262c 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -64,7 +64,7 @@ Cygwin, and Msys (MinGW) shells, using version 4.9.1 of the GNU toolchain. Install the required packages to build Trusted Firmware with the following command: - sudo apt-get install build-essential gcc make git + sudo apt-get install build-essential gcc make git libssl-dev Download and install the AArch64 little-endian GCC cross compiler as indicated in the [Linaro instructions][Linaro SW Instructions]. @@ -74,8 +74,6 @@ In addition, the following optional packages and tools may be needed: * `device-tree-compiler` package if you need to rebuild the Flattened Device Tree (FDT) source files (`.dts` files) provided with this software. -* `libssl-dev` package if Trusted Board Boot is enabled in the build. - * For debugging, ARM [Development Studio 5 (DS-5)][DS-5]. diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile index 3bc372a2..df76a75e 100644 --- a/tools/fiptool/Makefile +++ b/tools/fiptool/Makefile @@ -44,6 +44,7 @@ ifeq (${DEBUG},1) else CFLAGS += -O2 endif +LDLIBS := -lcrypto ifeq (${V},0) Q := @ @@ -62,7 +63,7 @@ all: ${PROJECT} fip_create ${PROJECT}: ${OBJECTS} Makefile @echo " LD $@" - ${Q}${CC} ${OBJECTS} -o $@ + ${Q}${CC} ${OBJECTS} -o $@ ${LDLIBS} @${ECHO_BLANK_LINE} @echo "Built $@ successfully" @${ECHO_BLANK_LINE} diff --git a/tools/fiptool/fiptool.c b/tools/fiptool/fiptool.c index 68ddcf5a..6a3406e0 100644 --- a/tools/fiptool/fiptool.c +++ b/tools/fiptool/fiptool.c @@ -42,6 +42,8 @@ #include #include +#include + #include "fiptool.h" #include "firmware_image_package.h" #include "tbbr_config.h" @@ -354,6 +356,14 @@ static void add_opt(struct option *opts, int idx, char *name, opts[idx].val = val; } +static void md_print(unsigned char *md, size_t len) +{ + size_t i; + + for (i = 0; i < len; i++) + printf("%02x", md[i]); +} + static int info_cmd(int argc, char *argv[]) { image_t *image; @@ -391,10 +401,16 @@ static int info_cmd(int argc, char *argv[]) (unsigned long long)image_offset, (unsigned long long)image_size); if (image->toc_entry != NULL) - printf(", cmdline=\"--%s\"\n", + printf(", cmdline=\"--%s\"", image->toc_entry->cmdline_name); - else - putchar('\n'); + if (verbose) { + unsigned char md[SHA256_DIGEST_LENGTH]; + + SHA256(image->buffer, image_size, md); + printf(", sha256="); + md_print(md, sizeof(md)); + } + putchar('\n'); image_offset += image_size; } -- 2.30.2