[PATCH] fit: Fix verification of images with external data

John Keeping john at metanate.com
Wed May 19 15:47:39 CEST 2021


On Tue, 20 Apr 2021 19:19:44 +0100
John Keeping <john at metanate.com> wrote:

> The "-E" option to mkimage generates a FIT with external data using the
> data-size and data-offset properties which must both be ignored when
> verifying a signature.
> 
> Add "data-offset" to the list of excluded properties for signature
> verification; since the line is now too long, re-format the list to
> one-per-line and make it static since the data is constant.
> 
> Signed-off-by: John Keeping <john at metanate.com>
> ---

Any feedback on this?  It would be nice to be able to verify all image
types produced by mkimage!


Thanks,
John

>  common/image-fit-sig.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c
> index 55ddf1879e..b979cd2a4b 100644
> --- a/common/image-fit-sig.c
> +++ b/common/image-fit-sig.c
> @@ -245,7 +245,13 @@ static int fit_config_check_sig(const void *fit, int noffset,
>  				int required_keynode, int conf_noffset,
>  				char **err_msgp)
>  {
> -	char * const exc_prop[] = {"data", "data-size", "data-position"};
> +	static char * const exc_prop[] = {
> +		"data",
> +		"data-size",
> +		"data-position",
> +		"data-offset"
> +	};
> +
>  	const char *prop, *end, *name;
>  	struct image_sign_info info;
>  	const uint32_t *strings;



More information about the U-Boot mailing list