[PATCH 3/3] mkimage: fit: don't cipher ciphered data
Patrick Oppenlander
patrick.oppenlander at gmail.com
Thu Jul 30 03:27:11 CEST 2020
On Thu, Jul 30, 2020 at 3:17 AM Philippe REYNES
<philippe.reynes at softathome.com> wrote:
>
> As for the second patch, I think that the loop is not an issue because
> it always start with "fresh/clean" value (using a backup file).
>
> So I am not sure that changes in this function are needed.
>
OK, I overlooked this.
I will resubmit a simplified patch series.
>
> > static int
> > @@ -482,7 +492,7 @@ int fit_image_cipher_data(const char *keydir, void *keydest,
> > const char *image_name;
> > const void *data;
> > size_t size;
> > - int cipher_node_offset;
> > + int cipher_node_offset, len;
> >
> > /* Get image name */
> > image_name = fit_get_name(fit, image_noffset, NULL);
> > @@ -497,6 +507,13 @@ int fit_image_cipher_data(const char *keydir, void
> > *keydest,
> > return -1;
> > }
> >
> > + /* Don't cipher ciphered data */
> > + if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len))
> > + return 0;
> > + if (len != -FDT_ERR_NOTFOUND) {
> > + printf("Failure testing for data-size-unciphered\n");
> > + return -1;
> > + }
>
> From my point of view, it fixes an issue. But I see this solution more
> as "workaround" than a clean solution.
>
> As it fixes a real issue, we may start with it and then try to found a
> "clean" solution.
>
True, it's not ideal. But at least it fixes the bug :)
Thanks for the review,
Patrick
More information about the U-Boot
mailing list