[PATCH] mkimage: fit: Fix signing of configs with external data
Sean Anderson
sean.anderson at seco.com
Wed Oct 12 18:29:26 CEST 2022
On 10/12/22 08:59, Simon Glass wrote:
> Hi Sean,
>
> On Tue, 11 Oct 2022 at 15:52, Sean Anderson <sean.anderson at seco.com> wrote:
>>
>> Just like we exclude data-size, data-position, and data-offset from
>> fit_config_check_sig, we must exclude them while signing as well.
>>
>> Fixes: 8edecd3110e ("fit: Fix verification of images with external data")
>> Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding")
>> Signed-off-by: Sean Anderson <sean.anderson at seco.com>
>> ---
>>
>> tools/image-host.c | 7 ++++++-
>> 1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/tools/image-host.c b/tools/image-host.c
>> index 698adfb3e1d..5ba6e3bbce0 100644
>> --- a/tools/image-host.c
>> +++ b/tools/image-host.c
>> @@ -917,7 +917,12 @@ static int fit_config_get_regions(const void *fit, int conf_noffset,
>> int *region_countp, char **region_propp,
>> int *region_proplen)
>> {
>> - char * const exc_prop[] = {"data"};
>> + char * const exc_prop[] = {
>> + "data",
>> + "data-size",
>> + "data-position",
>> + "data-offset"
>> + };
>> struct strlist node_inc;
>> struct image_region *region;
>> struct fdt_region fdt_regions[100];
>> --
>> 2.35.1.1320.gc452695387.dirty
>>
>
> It looks like we should be able to use FIT_DATA_POSITION_PROP (etc.) here?
Probably. fit_config_check_sig would also need to be updated.
--Sean
More information about the U-Boot
mailing list