[PATCH 0/3] Binman: fix signing an encrypted FIT with a preload key
yan wang
yan.wang at softathome.com
Thu Jul 3 14:54:51 CEST 2025
When running the test case testPreLoadEncryptedFit, mkimage has been called
multiple times. Each call to Entry_fit's GetData falls into Entry_fit's
BuildSectionData then mkimage is called. The last mkimage is called after
the image has been signed with the preload key. As mkimage uses a random
IV for encryption and the timestamps may differ, There is a
mismatch between the previously calculated signature and the
final fit included in the image.
During ProcessImage, how can one tell when exactly a fit is well generated,
and stop the useless mkimage afterwards?
Paul HENRYS (2):
binman: Generate the preload header and sign the data only once
tools: binman: Test signing an encrypted FIT with a preload header
yan wang (1):
binman: Fix signing an encryted FIT with a preload key
tools/binman/etype/pre_load.py | 12 ++--
tools/binman/ftest.py | 17 +++++
tools/binman/image.py | 10 +++
.../test/336_pre_load_fit_encrypted.dts | 63 +++++++++++++++++++
4 files changed, 96 insertions(+), 6 deletions(-)
create mode 100644 tools/binman/test/336_pre_load_fit_encrypted.dts
--
2.25.1
More information about the U-Boot
mailing list