[PATCH v2 2/3] common/spl: handle properly images with bad checksum

Jonas Karlman jonas at kwiboo.se
Sat Jun 7 10:00:49 CEST 2025


Hi Mikhail,

On 2025-06-07 00:31, Mikhail Kshevetskiy wrote:
> load_simple_fit() returns -EPERM for the images with broken signatures.
> Unfortunately this may conflict with image loading selection on the base
> of boot phase. See commit 873112db9ce68c38984ff25808dde726f8dd5573
> ("spl: Support selecting images based on phase in simple FIT").
> 
> Thus loading of
> 
> 	configurations {
> 		uboot {
> 			description = "u-boot";
> 			firmware = "atf";
> 			loadables = "atf", "tee", "uboot";
> 		};
> 	};
> 
> with damaged "tee" image may finish without errors. This may result in
> board bricking. This should not happen.
> 
> The simplest way to resolve an issue is returning the different error
> code for the cases of broken signature.
> 
> Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy at iopsys.eu>
> ---
>  common/spl/spl_fit.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
> index ab277bb2baa..783bb84bdb5 100644
> --- a/common/spl/spl_fit.c
> +++ b/common/spl/spl_fit.c
> @@ -322,7 +322,7 @@ static int load_simple_fit(struct spl_load_info *info, ulong fit_offset,
>  		       fit_get_name(fit, node, NULL));
>  		if (!fit_image_verify_with_data(fit, node, gd_fdt_blob(), src,
>  						length))
> -			return -EPERM;
> +			return -EACCES;

I think a proper solution would be to fix the bad use of EPERM in the
commit 873112db9ce6 ("spl: Support selecting images based on phase in
simple FIT").

That commit should never have used EPERM in the first place, it should
be reverted or its use of EPERM could be changed to something that is
currently NOT used to block loading images that fail e.g. a signature
check.

Regards,
Jonas

>  		puts("OK\n");
>  	}
>  
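Review bot: The `return -EACCES;` in the `fit_image_verify_with_data()` failure branch carries no comment explaining why this value is used instead of -EPERM. The commit message says -EPERM collides with the phase-based image selection, so a one-line comment at the return site stating that a verification failure must return a code the phase selection never treats as "skip this image" would keep a later cleanup from changing it back. The fix also depends on the two errno values staying disjoint by convention only; documenting that in the comment, or naming the code the skip path uses, would make the dependency visible to anyone touching either side.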


