[PATCH] fit: Fix verification of images with external data
John Keeping
john at metanate.com
Wed May 19 15:47:39 CEST 2021
On Tue, 20 Apr 2021 19:19:44 +0100
John Keeping <john at metanate.com> wrote:
> The "-E" option to mkimage generates a FIT with external data using the
> data-size and data-offset properties which must both be ignored when
> verifying a signature.
>
> Add "data-offset" to the list of excluded properties for signature
> verification; since the line is now too long, re-format the list to
> one-per-line and make it static since the data is constant.
>
> Signed-off-by: John Keeping <john at metanate.com>
> ---
Any feedback on this? It would be nice to be able to verify all image
types produced by mkimage!
Thanks,
John
> common/image-fit-sig.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c
> index 55ddf1879e..b979cd2a4b 100644
> --- a/common/image-fit-sig.c
> +++ b/common/image-fit-sig.c
> @@ -245,7 +245,13 @@ static int fit_config_check_sig(const void *fit, int noffset,
> int required_keynode, int conf_noffset,
> char **err_msgp)
> {
> - char * const exc_prop[] = {"data", "data-size", "data-position"};
> + static char * const exc_prop[] = {
> + "data",
> + "data-size",
> + "data-position",
> + "data-offset"
> + };
> +
> const char *prop, *end, *name;
> struct image_sign_info info;
> const uint32_t *strings;
More information about the U-Boot
mailing list