[PATCH 2/2] rsa: sig: fix config signature check for fit with padding
Simon Glass
sjg at chromium.org
Fri Mar 27 20:44:26 CET 2020
Hi Philippe,
On Fri, 27 Mar 2020 at 08:55, Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> The signature check on config node is broken on fit with padding.
> To compute the signature for config node, u-boot compute the
U-Boot
> signature on all properties of requested node for this config,
> except for the property "data". But, when padding is used for
> binary in a fit, there isn't a property "data" but two properties:
> "data-offset" and "data-size". So to fix the check of signature,
> we also dont use the properties "data-offset" and "data-size"
don't
> when checking the signature on config node.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> common/image-sig.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Reviewed-by: Simon Glass <sjg at chromium.org>
> diff --git a/common/image-sig.c b/common/image-sig.c
> index 639a112..8a0ea28 100644
> --- a/common/image-sig.c
> +++ b/common/image-sig.c
> @@ -362,7 +362,7 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
> int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
> char **err_msgp)
> {
> - char * const exc_prop[] = {"data"};
> + char * const exc_prop[] = {"data", "data-size", "data-position"};
> const char *prop, *end, *name;
> struct image_sign_info info;
> const uint32_t *strings;
> --
> 2.7.4
>
More information about the U-Boot
mailing list