[PATCH] fit: Fix verification of images with external data

John Keeping john at metanate.com
Tue Apr 20 20:19:44 CEST 2021

The "-E" option to mkimage generates a FIT with external data using the
data-size and data-offset properties which must both be ignored when
verifying a signature.

Add "data-offset" to the list of excluded properties for signature
verification; since the line is now too long, re-format the list to
one-per-line and make it static since the data is constant.

Signed-off-by: John Keeping <john at metanate.com>
 common/image-fit-sig.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c
index 55ddf1879e..b979cd2a4b 100644
--- a/common/image-fit-sig.c
+++ b/common/image-fit-sig.c
@@ -245,7 +245,13 @@ static int fit_config_check_sig(const void *fit, int noffset,
 				int required_keynode, int conf_noffset,
 				char **err_msgp)
-	char * const exc_prop[] = {"data", "data-size", "data-position"};
+	static char * const exc_prop[] = {
+		"data",
+		"data-size",
+		"data-position",
+		"data-offset"
+	};
 	const char *prop, *end, *name;
 	struct image_sign_info info;
 	const uint32_t *strings;

More information about the U-Boot mailing list