binman: etype: u_boot_spl_pubkey_dtb: provide more explicit error for key-name-hint with path

key-name-hint property in u-boot-spl-pubkey-dtb binman entry may contain a path instead of a filename due to user mistake. Because we currently assume it is a filename instead of a path, binman will find the full path to the key based on that path, and return the dirname of the full path but keeps the path in key-name-hint instead of stripping the directories from it. This means mkimage will fail with the following error message if we have key-name-hint set to keys/dev: binman: Error 1 running 'fdt_add_pubkey -a sha256,rsa2048 -k /home/qschulz/work/upstream/u-boot/keys -n keys/dev -r conf /home/qschulz/work/upstream/u-boot/build/ringneck/u-boot-spl-dtbdhsfx3mf': Couldn't open RSA certificate: '/home/qschulz/work/upstream/u-boot/keys/keys/dev.crt': No such file or directory Let's make it a bit more obvious what the error is by erroring out in binman if a path is provided in key-name-hint (it is named key-name-hint and not key-path-hint after all). Fixes: 5609843b57 ("binman: etype: Add u-boot-spl-pubkey-dtb etype") Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2025-04-18 13:26:08 +02:00
parent 2ddc47f9aa
commit 4e7e0ebcf5
3 changed files with 25 additions and 0 deletions
--- a/tools/binman/etype/u_boot_spl_pubkey_dtb.py
+++ b/tools/binman/etype/u_boot_spl_pubkey_dtb.py
@@ -87,6 +87,8 @@ class Entry_u_boot_spl_pubkey_dtb(Entry_blob_dtb):
                                         dir=tools.get_output_dir())\
                                              as pubkey_tdb:
            tools.write_file(pubkey_tdb.name, self.GetData())
+            if '/' in self._key_name_hint:
+                self.Raise(f"'{self._key_name_hint}' is a path not a filename")
            keyname = tools.get_input_filename(self._key_name_hint + ".crt")
            self.fdt_add_pubkey.run(pubkey_tdb.name,
                                    os.path.dirname(keyname),
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -7274,6 +7274,13 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
                         tools.to_bytes(''.join(node.props['key'].value)))
        self.assertNotIn('key-source', node.props)

+    def testKeyNameHintIsPathSplPubkeyDtb(self):
+        """Test that binman errors out on key-name-hint being a path"""
+        with self.assertRaises(ValueError) as e:
+            self._DoReadFile('348_key_name_hint_dir_spl_pubkey_dtb.dts')
+        self.assertIn(
+            'Node \'/binman/u-boot-spl-pubkey-dtb\': \'keys/key\' is a path not a filename',
+            str(e.exception))

    def testSplPubkeyDtb(self):
        """Test u_boot_spl_pubkey_dtb etype"""
--- a/tools/binman/test/348_key_name_hint_dir_spl_pubkey_dtb.dts
+++ b/tools/binman/test/348_key_name_hint_dir_spl_pubkey_dtb.dts
@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		u-boot-spl-pubkey-dtb {
+			algo = "sha384,rsa4096";
+			required = "conf";
+			key-name-hint = "keys/key";
+		};
+	};
+};