TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 2a01f3f34107aa2b7dfa21c2aedc95a27743cde4^! / . / scripts
commit2a01f3f34107aa2b7dfa21c2aedc95a27743cde4[log] [tgz]
authorCasper Meijn <casper@meijn.net>Sat Aug 22 13:51:40 2020 +0200
committerFabio Utzig <utzig@utzig.org>Wed Sep 09 07:34:01 2020 -0300
tree24a5f4ec90d14b9792089b94f4ba4ba31e69347f
parent009a150422543f94c826250942a990fb48d2a95e [diff]
imgtool: Print image digest during verify

In an effort to create a script to do firmware based on an URL, I could
not easily retrieve the image digest. `newtmgr` needs the hash when
marking a image for testing.

Signed-off-by: Casper Meijn <casper@meijn.net>

diff --git a/scripts/imgtool/image.py b/scripts/imgtool/image.py
index 40a72bd..37c3091 100644
--- a/scripts/imgtool/image.py
+++ b/scripts/imgtool/image.py

@@ -529,12 +529,12 @@
         version = struct.unpack('BBHI', b[20:28])
 
         if magic != IMAGE_MAGIC:
-            return VerifyResult.INVALID_MAGIC, None
+            return VerifyResult.INVALID_MAGIC, None, None
 
         tlv_info = b[header_size+img_size:header_size+img_size+TLV_INFO_SIZE]
         magic, tlv_tot = struct.unpack('HH', tlv_info)
         if magic != TLV_INFO_MAGIC:
-            return VerifyResult.INVALID_TLV_INFO_MAGIC, None
+            return VerifyResult.INVALID_TLV_INFO_MAGIC, None, None
 
         sha = hashlib.sha256()
         sha.update(b[:header_size+img_size])
@@ -550,9 +550,9 @@
                 off = tlv_off + TLV_SIZE
                 if digest == b[off:off+tlv_len]:
                     if key is None:
-                        return VerifyResult.OK, version
+                        return VerifyResult.OK, version, digest
                 else:
-                    return VerifyResult.INVALID_HASH, None
+                    return VerifyResult.INVALID_HASH, None, None
             elif key is not None and tlv_type == TLV_VALUES[key.sig_tlv()]:
                 off = tlv_off + TLV_SIZE
                 tlv_sig = b[off:off+tlv_len]
@@ -562,9 +562,9 @@
                         key.verify(tlv_sig, payload)
                     else:
                         key.verify_digest(tlv_sig, digest)
-                    return VerifyResult.OK, version
+                    return VerifyResult.OK, version, digest
                 except InvalidSignature:
                     # continue to next TLV
                     pass
             tlv_off += TLV_SIZE + tlv_len
-        return VerifyResult.INVALID_SIGNATURE, None
+        return VerifyResult.INVALID_SIGNATURE, None, None

diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
index 58564e5..8fee864 100755
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py

@@ -140,10 +140,11 @@
 @click.command(help="Check that signed image can be verified by given key")
 def verify(key, imgfile):
     key = load_key(key) if key else None
-    ret, version = image.Image.verify(imgfile, key)
+    ret, version, digest = image.Image.verify(imgfile, key)
     if ret == image.VerifyResult.OK:
         print("Image was correctly validated")
         print("Image version: {}.{}.{}+{}".format(*version))
+        print("Image digest: {}".format(digest.hex()))
         return
     elif ret == image.VerifyResult.INVALID_MAGIC:
         print("Invalid image magic; is this an MCUboot image?")