-rw-r--r-- | include/image.h | 15 | ||||
-rw-r--r-- | lib/aes/aes-encrypt.c | 7 | ||||
-rw-r--r-- | tools/image-host.c | 2 |
3 files changed, 23 insertions, 1 deletions
diff --git a/include/image.h b/include/image.h index 9be5acd8158..cfe3c971a36 100644 --- a/include/image.h +++ b/include/image.h @@ -1788,6 +1788,21 @@ struct cipher_algo { const unsigned char *data, int data_len, unsigned char **cipher, int *cipher_len); + /** + * add_cipher_data() - Add cipher data to the FIT and device tree + * + * This is used to add the ciphered data to the FIT and other cipher + * related information (key and initialization vector) to a device tree. + * + * @info: Pointer to image cipher information. + * @keydest: Pointer to a device tree where the key and IV can be + * stored. keydest can be NULL when the key is retrieved at + * runtime by another mean. + * @fit: Pointer to the FIT image. + * @node_noffset: Offset where the cipher information are stored in the + * FIT. + * return: 0 on success, a negative error code otherwise. + */ int (*add_cipher_data)(struct image_cipher_info *info, void *keydest, void *fit, int node_noffset); diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c index e74e35eaa28..90e1407b4f0 100644 --- a/lib/aes/aes-encrypt.c +++ b/lib/aes/aes-encrypt.c @@ -84,6 +84,13 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest, char name[128]; int ret = 0; + if (!keydest && !info->ivname) { + /* At least, store the IV in the FIT image */ + ret = fdt_setprop(fit, node_noffset, "iv", + info->iv, info->cipher->iv_len); + goto done; + } + /* Either create or overwrite the named cipher node */ parent = fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME); if (parent == -FDT_ERR_NOTFOUND) { diff --git a/tools/image-host.c b/tools/image-host.c index 5e01b853c50..16389bd4880 100644 --- a/tools/image-host.c +++ b/tools/image-host.c 
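Review bot: The new kernel-doc on `add_cipher_data` says `@keydest` can be NULL but does not say what an implementation must do in that case. The AES implementation changed in this same commit only handles a NULL `keydest` when `info->ivname` is unset. I would state the contract in the `@keydest` text, for example `When keydest is NULL the callback must not touch it; only the IV may be written to the FIT node.`, once the intended behaviour is confirmed. The wording `by another mean` should read `by other means`. If this header follows kernel-doc, the last tag is normally spelled `Return:`, though the rest of the header is not visible here to check.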
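Review bot: The early branch in `image_aes_add_cipher_data` is taken only for `!keydest && !info->ivname`, so a NULL `keydest` with `info->ivname` set still falls through to `fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME)` on a NULL tree. The caller in tools/image-host.c avoids that combination, but the callback is now documented as accepting NULL, so the guard belongs here too. I would make the outer test `if (!keydest) {` and put the `fdt_setprop()` call under an inner `if (!info->ivname)`, keeping the `goto done;`. The branch also assumes `info->iv` is populated and that `done` passes an `fdt_setprop()` failure back unchanged; both lie outside the hunk. Since the boot-time decrypt will read the `iv` property from the image, it is worth confirming that the property is covered by the FIT hash or signature configuration.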
@@ -535,7 +535,7 @@ fit_image_process_cipher(const char *keydir, void *keydest, void *fit, * size values * And, if needed, write the iv in the FIT file */ - if (keydest) { + if (keydest || (!keydest && !info.ivname)) { ret = info.cipher->add_cipher_data(&info, keydest, fit, node_noffset); if (ret) { fprintf(stderr, |
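Review bot: The new condition in `fit_image_process_cipher` is redundant: `keydest || (!keydest && !info.ivname)` is logically the same as `keydest || !info.ivname`, and the shorter form is easier to audit. I would write `if (keydest || !info.ivname) {` and add a short comment such as `/* no keydest: the IV can only go into the FIT, and only when it is not named externally */`. The case `!keydest && info.ivname` now skips `add_cipher_data` without a comment, and a one-line remark on why nothing is stored there would help the next reader. The function body continues past the end of the hunk.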