[PATCH] spl: fit: enable hash control even without signature
Dario Binacchi
dariobin at libero.it
Tue Dec 3 22:06:18 CET 2019
The function "fit_image_verify_with_data" that performs the integrity
protection of FIT images is already able to correctly manage the device
tree nodes that require signature and/or hash control.
Tests with device tree with or without hash nodes but certainly not
signed have given positive results. Furthermore, the hash calculation
is performed only if the hash property has been detected, without
adding unnecessary calculations.
It is therefore useless and limiting to enable hash control only in
the case of a signed image.
Signed-off-by: Dario Binacchi <dariobin at libero.it>
---
common/spl/spl_fit.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index cbc00a4e7c..58ba40cb2f 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -242,14 +242,12 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector,
src = (void *)data;
}
-#ifdef CONFIG_SPL_FIT_SIGNATURE
printf("## Checking hash(es) for Image %s ... ",
fit_get_name(fit, node, NULL));
if (!fit_image_verify_with_data(fit, node,
src, length))
return -EPERM;
puts("OK\n");
-#endif
#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS
board_fit_image_post_process(&src, &length);
--
2.24.0
More information about the U-Boot
mailing list