[PATCH 2/2] rsa: sig: fix config signature check for fit with padding
Philippe Reynes
philippe.reynes at softathome.com
Fri Mar 27 15:55:00 CET 2020
The signature check on config node is broken on fit with padding.
To compute the signature for config node, u-boot compute the
signature on all properties of requested node for this config,
except for the property "data". But, when padding is used for
binary in a fit, there isn't a property "data" but two properties:
"data-offset" and "data-size". So to fix the check of signature,
we also dont use the properties "data-offset" and "data-size"
when checking the signature on config node.
Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
---
common/image-sig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/image-sig.c b/common/image-sig.c
index 639a112..8a0ea28 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -362,7 +362,7 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
char **err_msgp)
{
- char * const exc_prop[] = {"data"};
+ char * const exc_prop[] = {"data", "data-size", "data-position"};
const char *prop, *end, *name;
struct image_sign_info info;
const uint32_t *strings;
--
2.7.4
More information about the U-Boot
mailing list