[PATCH v2 2/3] common/spl: handle properly images with bad checksum
Mikhail Kshevetskiy
mikhail.kshevetskiy at iopsys.eu
Mon Jun 9 16:40:04 CEST 2025
Simon Glass, what do you think? What is the best solution from your
point of view?
Mikhail Kshevetskiy
On 07.06.2025 11:00, Jonas Karlman wrote:
> Hi Mikhail,
>
> On 2025-06-07 00:31, Mikhail Kshevetskiy wrote:
>> load_simple_fit() returns -EPERM for the images with broken signatures.
>> Unfortunately this may conflict with image loading selection on the basis
>> of boot phase. See commit 873112db9ce68c38984ff25808dde726f8dd5573
>> ("spl: Support selecting images based on phase in simple FIT").
>>
>> Thus loading of
>>
>>     configurations {
>>         uboot {
>>             description = "u-boot";
>>             firmware = "atf";
>>             loadables = "atf", "tee", "uboot";
>>         };
>>     };
>>
>> with damaged "tee" image may finish without errors. This may result in
>> board bricking. This should not happen.
>>
>> The simplest way to resolve the issue is to return a different error
>> code for the case of a broken signature.
>>
>> Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy at iopsys.eu>
>> ---
>> common/spl/spl_fit.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
>> index ab277bb2baa..783bb84bdb5 100644
>> --- a/common/spl/spl_fit.c
>> +++ b/common/spl/spl_fit.c
>> @@ -322,7 +322,7 @@ static int load_simple_fit(struct spl_load_info *info, ulong fit_offset,
>> fit_get_name(fit, node, NULL));
>> if (!fit_image_verify_with_data(fit, node, gd_fdt_blob(), src,
>> length))
>> - return -EPERM;
>> + return -EACCES;
> I think a proper solution would be to fix the bad use of EPERM in the
> commit 873112db9ce6 ("spl: Support selecting images based on phase in
> simple FIT").
>
> That commit should never have used EPERM in the first place, it should
> be reverted or its use of EPERM could be changed to something that is
> currently NOT used to block loading images that fail e.g. a signature
> check.
>
> Regards,
> Jonas
>
>> puts("OK\n");
>> }
>>
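Review bot: The changed `return -EACCES;` after the failed fit_image_verify_with_data() check has no comment saying why this value must stay distinct from -EPERM, so the fix depends on an errno convention that is not recorded at the point where it matters. Add a short comment at the return stating that -EPERM is the value the phase-selection code from commit 873112db9ce6 treats as a skip, and that a verification failure must never be reported with it. The hunk also does not show the caller, so the commit message should say which caller check now sees -EACCES as a hard error, since that is what stops a damaged "tee" loadable from being passed over. Separately, the subject says "bad checksum" while the description says "broken signatures"; use one term, or state that both cases go through this return.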