[PATCH] lib: rsa: rsa-verify: don't look for keys in the FIT image
Simon Glass
sjg at chromium.org
Sun Jan 24 03:03:17 CET 2021
Hi ,
On Tue, 12 Jan 2021 at 11:19, Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> In the function rsa_verify_hash, if the "main" key doesn't
> work, u-boot try others keys. But it searches those keys
> in the FIT image instead of the u-boot device tree.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> lib/rsa/rsa-verify.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> index 0ab0f629d0..e34d3293d1 100644
> --- a/lib/rsa/rsa-verify.c
> +++ b/lib/rsa/rsa-verify.c
> @@ -522,10 +522,10 @@ int rsa_verify_hash(struct image_sign_info *info,
> return ret;
>
> /* No luck, so try each of the keys in turn */
> - for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node,
> + for (ndepth = 0, noffset = fdt_next_node(blob, sig_node,
> &ndepth);
> (noffset >= 0) && (ndepth > 0);
> - noffset = fdt_next_node(info->fit, noffset, &ndepth)) {
> + noffset = fdt_next_node(blob, noffset, &ndepth)) {
> if (ndepth == 1 && noffset != node) {
> ret = rsa_verify_with_keynode(info, hash,
> sig, sig_len,
Reviewed-by: Simon Glass <sjg at chromium.org>
But I wonder how this is not caught by tests? Can you look into that
please? We are obviously missing a test case.
- Simon
More information about the U-Boot
mailing list