spl: spl_fit.c: enable check of signature for config node in spl/tpl
authorPhilippe Reynes <philippe.reynes@softathome.com>
Thu, 29 Oct 2020 17:50:29 +0000 (18:50 +0100)
committerTom Rini <trini@konsulko.com>
Tue, 1 Dec 2020 19:12:28 +0000 (14:12 -0500)
This commit adds support for checking the signature of the config node
in spl/tpl when the function spl_load_simple_fit is used.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
common/spl/spl_fit.c

index 6418062b93a48c03b9e78e787904b5a8e3f97017..2fbee4f19f38a3640c141a0bcfab504bb9994d57 100644 (file)
@@ -558,6 +558,16 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
        if (spl_load_simple_fit_skip_processing())
                return 0;
 
+       if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) {
+               int conf_offset = fit_find_config_node(fit);
+
+               printf("## Checking hash(es) for config %s ... ",
+                      fit_get_name(fit, conf_offset, NULL));
+               if (fit_config_verify(fit, conf_offset))
+                       return -EPERM;
+               puts("OK\n");
+       }
+
        /* find the node holding the images information */
        images = fdt_path_offset(fit, FIT_IMAGES_PATH);
        if (images < 0) {
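Review bot: The result of `fit_find_config_node(fit)` is used unchecked, so `conf_offset` goes straight into `fit_get_name()` and `fit_config_verify()` in the added block. If that helper reports failure with a negative offset (likely under libfdt conventions, but not visible in this hunk), the outcome depends on how `fit_config_verify()` treats an invalid node, which a verified-boot path should not rely on. Failing closed explicitly is clearer: add `if (conf_offset < 0) return conf_offset;` right after the lookup. The failure branch also returns `-EPERM` with the progress line left unterminated and no failure text, so printing a short failure message before the return would make rejected images easier to diagnose on the console. `spl_load_simple_fit` begins and ends outside this hunk.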