fiptool: Add support for printing the sha256 digest with info command
This feature allows one to quickly verify that the expected
image is contained in the FIP without extracting the image and
running sha256sum(1) on it.
The sha256 digest is only shown when the verbose flag is used.
This change requires libssl-dev to be installed in order to build
Trusted Firmware. Previously, libssl-dev was optionally needed only
to support Trusted Board Boot configurations.
Fixes ARM-Software/tf-issues#124
Change-Id: Ifb1408d17f483d482bb270a589ee74add25ec5a6
diff --git a/docs/user-guide.md b/docs/user-guide.md
index a6959b1..d545262 100644
--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@@ -64,7 +64,7 @@
Install the required packages to build Trusted Firmware with the following
command:
- sudo apt-get install build-essential gcc make git
+ sudo apt-get install build-essential gcc make git libssl-dev
Download and install the AArch64 little-endian GCC cross compiler as indicated
in the [Linaro instructions][Linaro SW Instructions].
@@ -74,8 +74,6 @@
* `device-tree-compiler` package if you need to rebuild the Flattened Device
Tree (FDT) source files (`.dts` files) provided with this software.
-* `libssl-dev` package if Trusted Board Boot is enabled in the build.
-
* For debugging, ARM [Development Studio 5 (DS-5)][DS-5].
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
index 3bc372a..df76a75 100644
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
@@ -44,6 +44,7 @@
else
CFLAGS += -O2
endif
+LDLIBS := -lcrypto
ifeq (${V},0)
Q := @
@@ -62,7 +63,7 @@
${PROJECT}: ${OBJECTS} Makefile
@echo " LD $@"
- ${Q}${CC} ${OBJECTS} -o $@
+ ${Q}${CC} ${OBJECTS} -o $@ ${LDLIBS}
@${ECHO_BLANK_LINE}
@echo "Built $@ successfully"
@${ECHO_BLANK_LINE}
diff --git a/tools/fiptool/fiptool.c b/tools/fiptool/fiptool.c
index 68ddcf5..6a3406e 100644
--- a/tools/fiptool/fiptool.c
+++ b/tools/fiptool/fiptool.c
@@ -42,6 +42,8 @@
#include <string.h>
#include <unistd.h>
+#include <openssl/sha.h>
+
#include "fiptool.h"
#include "firmware_image_package.h"
#include "tbbr_config.h"
@@ -354,6 +356,14 @@
opts[idx].val = val;
}
+static void md_print(unsigned char *md, size_t len)
+{
+ size_t i;
+
+ for (i = 0; i < len; i++)
+ printf("%02x", md[i]);
+}
+
static int info_cmd(int argc, char *argv[])
{
image_t *image;
@@ -391,10 +401,16 @@
(unsigned long long)image_offset,
(unsigned long long)image_size);
if (image->toc_entry != NULL)
- printf(", cmdline=\"--%s\"\n",
+ printf(", cmdline=\"--%s\"",
image->toc_entry->cmdline_name);
- else
- putchar('\n');
+ if (verbose) {
+ unsigned char md[SHA256_DIGEST_LENGTH];
+
+ SHA256(image->buffer, image_size, md);
+ printf(", sha256=");
+ md_print(md, sizeof(md));
+ }
+ putchar('\n');
image_offset += image_size;
}
