fiptool: Add support for printing the sha256 digest with info command

This feature allows one to quickly verify that the expected
image is contained in the FIP without extracting the image and
running sha256sum(1) on it.

The sha256 digest is only shown when the verbose flag is used.

This change requires libssl-dev to be installed in order to build
Trusted Firmware. Previously, libssl-dev was optionally needed only
to support Trusted Board Boot configurations.

Fixes ARM-Software/tf-issues#124

Change-Id: Ifb1408d17f483d482bb270a589ee74add25ec5a6

diff --git a/docs/user-guide.md b/docs/user-guide.md
index a6959b1441777bf6892eb18faf8874992924f6c1..d545262c393b1767d547716d5539b01eb3ed0d7b 100644 (file)
--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@@ -64,7 +64,7 @@ Cygwin, and Msys (MinGW) shells, using version 4.9.1 of the GNU toolchain.
 Install the required packages to build Trusted Firmware with the following
 command:
 
-    sudo apt-get install build-essential gcc make git
+    sudo apt-get install build-essential gcc make git libssl-dev
 
 Download and install the AArch64 little-endian GCC cross compiler as indicated
 in the [Linaro instructions][Linaro SW Instructions].
@@ -74,8 +74,6 @@ In addition, the following optional packages and tools may be needed:
 *   `device-tree-compiler` package if you need to rebuild the Flattened Device
     Tree (FDT) source files (`.dts` files) provided with this software.
 
-*   `libssl-dev` package if Trusted Board Boot is enabled in the build.
-
 *   For debugging, ARM [Development Studio 5 (DS-5)][DS-5].
 
 

diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
index 3bc372a281b47289dbaea89ff9768ca01ef4270c..df76a75e6ebc81f871e48c01020cb6665ca37a5e 100644 (file)
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
@@ -44,6 +44,7 @@ ifeq (${DEBUG},1)
 else
   CFLAGS += -O2
 endif
+LDLIBS := -lcrypto
 
 ifeq (${V},0)
   Q := @
@@ -62,7 +63,7 @@ all: ${PROJECT} fip_create
 
 ${PROJECT}: ${OBJECTS} Makefile
        @echo "  LD      $@"
-       ${Q}${CC} ${OBJECTS} -o $@
+       ${Q}${CC} ${OBJECTS} -o $@ ${LDLIBS}
        @${ECHO_BLANK_LINE}
        @echo "Built $@ successfully"
        @${ECHO_BLANK_LINE}

diff --git a/tools/fiptool/fiptool.c b/tools/fiptool/fiptool.c
index 68ddcf5a76ef20f06f7232a7ef4c11ba3b08b324..6a3406e0504906ecca22d788dbd07f735b721a59 100644 (file)
--- a/tools/fiptool/fiptool.c
+++ b/tools/fiptool/fiptool.c
@@ -42,6 +42,8 @@
 #include <string.h>
 #include <unistd.h>
 
+#include <openssl/sha.h>
+
 #include "fiptool.h"
 #include "firmware_image_package.h"
 #include "tbbr_config.h"
@@ -354,6 +356,14 @@ static void add_opt(struct option *opts, int idx, char *name,
        opts[idx].val = val;
 }
 
+static void md_print(unsigned char *md, size_t len)
+{
+       size_t i;
+
+       for (i = 0; i < len; i++)
+               printf("%02x", md[i]);
+}
+
 static int info_cmd(int argc, char *argv[])
 {
        image_t *image;
@@ -391,10 +401,16 @@ static int info_cmd(int argc, char *argv[])
                    (unsigned long long)image_offset,
                    (unsigned long long)image_size);
                if (image->toc_entry != NULL)
-                       printf(", cmdline=\"--%s\"\n",
+                       printf(", cmdline=\"--%s\"",
                            image->toc_entry->cmdline_name);
-               else
-                       putchar('\n');
+               if (verbose) {
+                       unsigned char md[SHA256_DIGEST_LENGTH];
+
+                       SHA256(image->buffer, image_size, md);
+                       printf(", sha256=");
+                       md_print(md, sizeof(md));
+               }
+               putchar('\n');
                image_offset += image_size;
        }