[PATCH v2] mkimage: fit: Fix signing of configs with external data

Sean Anderson sean.anderson at seco.com
Thu Oct 20 21:41:10 CEST 2022


Just like we exclude data-size, data-position, and data-offset from
fit_config_check_sig, we must exclude them while signing as well.

While we're at it, use the FIT_DATA_* defines for fit_config_check_sig
as well.

Fixes: 8edecd3110e ("fit: Fix verification of images with external data")
Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding")
Signed-off-by: Sean Anderson <sean.anderson at seco.com>
---

Changes in v2:
- Use FIT_DATA_* defines

 boot/image-fit-sig.c | 8 ++++----
 tools/image-host.c   | 7 ++++++-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
index a461d591a0e..12369896fe3 100644
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@@ -260,10 +260,10 @@ static int fit_config_check_sig(const void *fit, int noffset, int conf_noffset,
 				char **err_msgp)
 {
 	static char * const exc_prop[] = {
-		"data",
-		"data-size",
-		"data-position",
-		"data-offset"
+		FIT_DATA_PROP,
+		FIT_DATA_SIZE_PROP,
+		FIT_DATA_POSITION_PROP,
+		FIT_DATA_OFFSET_PROP,
 	};
 
 	const char *prop, *end, *name;
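Review bot: The four FIT_DATA_* macros that replace the string literals in exc_prop are defined outside this diff, so please confirm that they expand to exactly "data", "data-size", "data-position" and "data-offset". This list decides which properties are left out of the hashed regions when a configuration signature is checked, so any difference in spelling would change what is verified. If they match, a line in the commit message saying that this hunk carries no functional change would help reviewers.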
diff --git a/tools/image-host.c b/tools/image-host.c
index 698adfb3e1d..4a4e1c10d1e 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -917,7 +917,12 @@ static int fit_config_get_regions(const void *fit, int conf_noffset,
 				  int *region_countp, char **region_propp,
 				  int *region_proplen)
 {
-	char * const exc_prop[] = {"data"};
+	char * const exc_prop[] = {
+		FIT_DATA_PROP,
+		FIT_DATA_SIZE_PROP,
+		FIT_DATA_POSITION_PROP,
+		FIT_DATA_OFFSET_PROP,
+	};
 	struct strlist node_inc;
 	struct image_region *region;
 	struct fdt_region fdt_regions[100];
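Review bot: exc_prop in fit_config_get_regions is now a second hand-maintained copy of the list in fit_config_check_sig, and the mismatch this patch fixes came from those two copies differing ({"data"} here against four entries in the verifier). Consider defining the exclusion list once in a header shared by boot/image-fit-sig.c and tools/image-host.c, or at least adding a comment on each array that names the other, so the signer and the verifier cannot drift apart again. The diffstat touches only these two files, so a test that signs a configuration with external data and then verifies it would be worth adding alongside.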
-- 
2.35.1.1320.gc452695387.dirty


