From 7d57485a8a3c45c254919f01337c14cc2856accd Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Tue, 14 May 2019 19:35:02 +0100
Subject: [PATCH] tools: use read-only mmap in fit_check_sign

Add an option to open files in read-only mode in mmap_fdt so
that fit_check_sign can be used to inspect files on read-only
filesystems.
For example, this is useful when a key is shipped in a read-only
rootfs or squashfs.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
---
 tools/fit_check_sign.c |  4 ++--
 tools/fit_common.c     |  9 ++++++---
 tools/fit_common.h     |  4 +++-
 tools/fit_image.c      | 10 ++++++----
 tools/fit_info.c       |  2 +-
 5 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
index 62adc751cb..4528743792 100644
--- a/tools/fit_check_sign.c
+++ b/tools/fit_check_sign.c
@@ -70,10 +70,10 @@ int main(int argc, char **argv)
 		usage(*argv);
 	}
 
-	ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false);
+	ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false, true);
 	if (ffd < 0)
 		return EXIT_FAILURE;
-	kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false);
+	kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false, true);
 	if (kfd < 0)
 		return EXIT_FAILURE;
 
diff --git a/tools/fit_common.c b/tools/fit_common.c
index 9506390214..cdf987d3c1 100644
--- a/tools/fit_common.c
+++ b/tools/fit_common.c
@@ -41,13 +41,14 @@ int fit_check_image_types(uint8_t type)
 }
 
 int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
-	     void **blobp, struct stat *sbuf, bool delete_on_error)
+	     void **blobp, struct stat *sbuf, bool delete_on_error,
+	     bool read_only)
 {
 	void *ptr;
 	int fd;
 
 	/* Load FIT blob into memory (we need to write hashes/signatures) */
-	fd = open(fname, O_RDWR | O_BINARY);
+	fd = open(fname, (read_only ? O_RDONLY : O_RDWR) | O_BINARY);
 
 	if (fd < 0) {
 		fprintf(stderr, "%s: Can't open %s: %s\n",
@@ -71,7 +72,9 @@ int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
 	}
 
 	errno = 0;
-	ptr = mmap(0, sbuf->st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
+	ptr = mmap(0, sbuf->st_size,
+		   (read_only ? PROT_READ : PROT_READ | PROT_WRITE), MAP_SHARED,
+		   fd, 0);
 	if ((ptr == MAP_FAILED) || (errno != 0)) {
 		fprintf(stderr, "%s: Can't read %s: %s\n",
 			cmdname, fname, strerror(errno));
diff --git a/tools/fit_common.h b/tools/fit_common.h
index 9e09624f64..1e81d4c68b 100644
--- a/tools/fit_common.h
+++ b/tools/fit_common.h
@@ -32,9 +32,11 @@ int fit_check_image_types(uint8_t type);
  * @blobp:	Returns pointer to FDT blob
  * @sbuf:	File status information is stored here
  * @delete_on_error:	true to delete the file if we get an error
+ * @read_only:	true to open in read-only mode
  * @return 0 if OK, -1 on error.
  */
 int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
-	     void **blobp, struct stat *sbuf, bool delete_on_error);
+	     void **blobp, struct stat *sbuf, bool delete_on_error,
+	     bool read_only);
 
 #endif /* _FIT_COMMON_H_ */
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 3b867e0656..5aca634b5e 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -33,7 +33,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
 	void *ptr;
 	int ret = 0;
 
-	tfd = mmap_fdt(params->cmdname, tmpfile, size_inc, &ptr, &sbuf, true);
+	tfd = mmap_fdt(params->cmdname, tmpfile, size_inc, &ptr, &sbuf, true,
+		       false);
 	if (tfd < 0)
 		return -EIO;
 
@@ -41,7 +42,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
 		struct stat dest_sbuf;
 
 		destfd = mmap_fdt(params->cmdname, params->keydest, size_inc,
-				  &dest_blob, &dest_sbuf, false);
+				  &dest_blob, &dest_sbuf, false,
+				  false);
 		if (destfd < 0) {
 			ret = -EIO;
 			goto err_keydest;
@@ -420,7 +422,7 @@ static int fit_extract_data(struct image_tool_params *params, const char *fname)
 	int images;
 	int node;
 
-	fd = mmap_fdt(params->cmdname, fname, 0, &fdt, &sbuf, false);
+	fd = mmap_fdt(params->cmdname, fname, 0, &fdt, &sbuf, false, false);
 	if (fd < 0)
 		return -EIO;
 	fit_size = fdt_totalsize(fdt);
@@ -531,7 +533,7 @@ static int fit_import_data(struct image_tool_params *params, const char *fname)
 	int images;
 	int node;
 
-	fd = mmap_fdt(params->cmdname, fname, 0, &old_fdt, &sbuf, false);
+	fd = mmap_fdt(params->cmdname, fname, 0, &old_fdt, &sbuf, false, false);
 	if (fd < 0)
 		return -EIO;
 	fit_size = fdt_totalsize(old_fdt);
diff --git a/tools/fit_info.c b/tools/fit_info.c
index 45e0b310f7..b2642ec5b7 100644
--- a/tools/fit_info.c
+++ b/tools/fit_info.c
@@ -80,7 +80,7 @@ int main(int argc, char **argv)
 		fprintf(stderr, "%s: Missing property name\n", *argv);
 		usage(*argv);
 	}
-	ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false);
+	ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false, false);
 
 	if (ffd < 0) {
 		printf("Could not open %s\n", fdtfile);