[PATCH v2 3/3] mkimage: fit: don't cipher ciphered data
Philippe REYNES
philippe.reynes at softathome.com
Thu Jul 30 15:58:22 CEST 2020
Hi Patrick,
> From: Patrick Oppenlander <patrick.oppenlander at gmail.com>
>
> Previously, mkimage -F could be run multiple times causing already
> ciphered image data to be ciphered again.
Reviewed-by: Philippe Reynes <philippe.reynes at softathome.com>
> Signed-off-by: Patrick Oppenlander <patrick.oppenlander at gmail.com>
Regards,
Philippe
> ---
> tools/image-host.c | 15 ++++++++++++++-
> 1 file changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/tools/image-host.c b/tools/image-host.c
> index b4603c5f01..e5417beee5 100644
> --- a/tools/image-host.c
> +++ b/tools/image-host.c
> @@ -482,7 +482,7 @@ int fit_image_cipher_data(const char *keydir, void *keydest,
> const char *image_name;
> const void *data;
> size_t size;
> - int cipher_node_offset;
> + int cipher_node_offset, len;
>
> /* Get image name */
> image_name = fit_get_name(fit, image_noffset, NULL);
> @@ -497,6 +497,19 @@ int fit_image_cipher_data(const char *keydir, void
> *keydest,
> return -1;
> }
>
> + /*
> + * Don't cipher ciphered data.
> + *
> + * If the data-size-unciphered property is present the data for this
> + * image is already encrypted. This is important as 'mkimage -F' can be
> + * run multiple times on a FIT image.
> + */
> + if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len))
> + return 0;
> + if (len != -FDT_ERR_NOTFOUND) {
> + printf("Failure testing for data-size-unciphered\n");
> + return -1;
> + }
>
> /* Process cipher node if present */
> cipher_node_offset = fdt_subnode_offset(fit, image_noffset,
> --
> 2.27.0
More information about the U-Boot
mailing list