tools: use read-only mmap in fit_check_sign

Add an option to open files in read-only mode in mmap_fdt so
that fit_check_sign can be used to inspect files on read-only
filesystems.
For example, this is useful when a key is shipped in a read-only
rootfs or squashfs.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
This commit is contained in:
Luca Boccassi 2019-05-14 19:35:02 +01:00 committed by Tom Rini
parent 26992928e8
commit 7d57485a8a
5 changed files with 18 additions and 11 deletions

View File

@ -70,10 +70,10 @@ int main(int argc, char **argv)
usage(*argv); usage(*argv);
} }
ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false); ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false, true);
if (ffd < 0) if (ffd < 0)
return EXIT_FAILURE; return EXIT_FAILURE;
kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false); kfd = mmap_fdt(cmdname, keyfile, 0, &key_blob, &ksbuf, false, true);
if (kfd < 0) if (kfd < 0)
return EXIT_FAILURE; return EXIT_FAILURE;

View File

@ -41,13 +41,14 @@ int fit_check_image_types(uint8_t type)
} }
int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc, int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
void **blobp, struct stat *sbuf, bool delete_on_error) void **blobp, struct stat *sbuf, bool delete_on_error,
bool read_only)
{ {
void *ptr; void *ptr;
int fd; int fd;
/* Load FIT blob into memory (we need to write hashes/signatures) */ /* Load FIT blob into memory (we need to write hashes/signatures) */
fd = open(fname, O_RDWR | O_BINARY); fd = open(fname, (read_only ? O_RDONLY : O_RDWR) | O_BINARY);
if (fd < 0) { if (fd < 0) {
fprintf(stderr, "%s: Can't open %s: %s\n", fprintf(stderr, "%s: Can't open %s: %s\n",
@ -71,7 +72,9 @@ int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
} }
errno = 0; errno = 0;
ptr = mmap(0, sbuf->st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); ptr = mmap(0, sbuf->st_size,
(read_only ? PROT_READ : PROT_READ | PROT_WRITE), MAP_SHARED,
fd, 0);
if ((ptr == MAP_FAILED) || (errno != 0)) { if ((ptr == MAP_FAILED) || (errno != 0)) {
fprintf(stderr, "%s: Can't read %s: %s\n", fprintf(stderr, "%s: Can't read %s: %s\n",
cmdname, fname, strerror(errno)); cmdname, fname, strerror(errno));

View File

@ -32,9 +32,11 @@ int fit_check_image_types(uint8_t type);
* @blobp: Returns pointer to FDT blob * @blobp: Returns pointer to FDT blob
* @sbuf: File status information is stored here * @sbuf: File status information is stored here
* @delete_on_error: true to delete the file if we get an error * @delete_on_error: true to delete the file if we get an error
* @read_only: true to open in read-only mode
* @return 0 if OK, -1 on error. * @return 0 if OK, -1 on error.
*/ */
int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc, int mmap_fdt(const char *cmdname, const char *fname, size_t size_inc,
void **blobp, struct stat *sbuf, bool delete_on_error); void **blobp, struct stat *sbuf, bool delete_on_error,
bool read_only);
#endif /* _FIT_COMMON_H_ */ #endif /* _FIT_COMMON_H_ */

View File

@ -33,7 +33,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
void *ptr; void *ptr;
int ret = 0; int ret = 0;
tfd = mmap_fdt(params->cmdname, tmpfile, size_inc, &ptr, &sbuf, true); tfd = mmap_fdt(params->cmdname, tmpfile, size_inc, &ptr, &sbuf, true,
false);
if (tfd < 0) if (tfd < 0)
return -EIO; return -EIO;
@ -41,7 +42,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
struct stat dest_sbuf; struct stat dest_sbuf;
destfd = mmap_fdt(params->cmdname, params->keydest, size_inc, destfd = mmap_fdt(params->cmdname, params->keydest, size_inc,
&dest_blob, &dest_sbuf, false); &dest_blob, &dest_sbuf, false,
false);
if (destfd < 0) { if (destfd < 0) {
ret = -EIO; ret = -EIO;
goto err_keydest; goto err_keydest;
@ -420,7 +422,7 @@ static int fit_extract_data(struct image_tool_params *params, const char *fname)
int images; int images;
int node; int node;
fd = mmap_fdt(params->cmdname, fname, 0, &fdt, &sbuf, false); fd = mmap_fdt(params->cmdname, fname, 0, &fdt, &sbuf, false, false);
if (fd < 0) if (fd < 0)
return -EIO; return -EIO;
fit_size = fdt_totalsize(fdt); fit_size = fdt_totalsize(fdt);
@ -531,7 +533,7 @@ static int fit_import_data(struct image_tool_params *params, const char *fname)
int images; int images;
int node; int node;
fd = mmap_fdt(params->cmdname, fname, 0, &old_fdt, &sbuf, false); fd = mmap_fdt(params->cmdname, fname, 0, &old_fdt, &sbuf, false, false);
if (fd < 0) if (fd < 0)
return -EIO; return -EIO;
fit_size = fdt_totalsize(old_fdt); fit_size = fdt_totalsize(old_fdt);

View File

@ -80,7 +80,7 @@ int main(int argc, char **argv)
fprintf(stderr, "%s: Missing property name\n", *argv); fprintf(stderr, "%s: Missing property name\n", *argv);
usage(*argv); usage(*argv);
} }
ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false); ffd = mmap_fdt(cmdname, fdtfile, 0, &fit_blob, &fsbuf, false, false);
if (ffd < 0) { if (ffd < 0) {
printf("Could not open %s\n", fdtfile); printf("Could not open %s\n", fdtfile);