[U-Boot] Hi Simon, There may exist a problem about FIT image signature verify , can you check this problem?
Duxiaoqiang
duxiaoqiang at huawei.com
Tue Oct 21 04:52:01 CEST 2014
Hi Simon & All
These days I tested verified U-Boot on ARM Foundation. And I found a problem when I tested like this:
1) Generate a FIT image and signature blob file like: mkimage -D "-I dts -O dtb -p 2000" -F kernel.its -k keys -K fvp.dtb -r signed_image.fit
2) Compile the Uboot like :
Step1: Make distclean
Step2: Make DEVICE_TREE=foundation all. After this step, there generated a u-boot-dtb.bin file, but public key was not contained in it.
Normally I should use the public key contained blob file fvp.dtb to compile Uoobt like: make EXT_DTB=<path>/fvp.dtb.
In my test case, I omitted the last step, and just choose step2's result to test.
3) Package firmware together with uboot
4) Boot system on Foundation
For the signed_image.fit contains the signature information, but U-Boot has no public key information contained, When U-boot load the image,
There occurred error information like ": No signature node found: ", this result was normal.
But the system wasn't stopped after this error information, it keep going on and boot the system success at last!
I checked the source code about UBoot, and found problem in function fit_config_verify_required_sigs
Please note the red part.
int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
const void *sig_blob)
{
int noffset;
int sig_node;
/* Work out what we need to verify */
sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME);
if (sig_node < 0) {
debug("%s: No signature node found: %s\n", __func__,
fdt_strerror(sig_node));
return 0; --> Since mismatch exists between UBoot and images, system should return a error code. Return 0 means the result was ok.
}
.........
After I modified return0 to return -1, result seems ok.
Please check this problem, and confirm should I have to commit a patch or someone else will modify it.
Sincerely.
Jason
More information about the U-Boot
mailing list