[PATCH] mkimage: fit: Fix signing of configs with external data

Sean Anderson sean.anderson at seco.com
Wed Oct 12 18:29:26 CEST 2022


On 10/12/22 08:59, Simon Glass wrote:
> Hi Sean,
> 
> On Tue, 11 Oct 2022 at 15:52, Sean Anderson <sean.anderson at seco.com> wrote:
>>
>> Just like we exclude data-size, data-position, and data-offset from
>> fit_config_check_sig, we must exclude them while signing as well.
>>
>> Fixes: 8edecd3110e ("fit: Fix verification of images with external data")
>> Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding")
>> Signed-off-by: Sean Anderson <sean.anderson at seco.com>
>> ---
>>
>>   tools/image-host.c | 7 ++++++-
>>   1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/tools/image-host.c b/tools/image-host.c
>> index 698adfb3e1d..5ba6e3bbce0 100644
>> --- a/tools/image-host.c
>> +++ b/tools/image-host.c
>> @@ -917,7 +917,12 @@ static int fit_config_get_regions(const void *fit, int conf_noffset,
>>                                    int *region_countp, char **region_propp,
>>                                    int *region_proplen)
>>   {
>> -       char * const exc_prop[] = {"data"};
>> +       char * const exc_prop[] = {
>> +               "data",
>> +               "data-size",
>> +               "data-position",
>> +               "data-offset"
>> +       };
>>          struct strlist node_inc;
>>          struct image_region *region;
>>          struct fdt_region fdt_regions[100];
>> --
>> 2.35.1.1320.gc452695387.dirty
>>
> 
> It looks like we should be able to use FIT_DATA_POSITION_PROP (etc.) here?

Probably. fit_config_check_sig would also need to be updated.

--Sean


More information about the U-Boot mailing list