[PATCH v2 2/3] common/spl: handle properly images with bad checksum

Tom Rini trini at konsulko.com
Mon Jun 9 18:48:41 CEST 2025


On Sat, Jun 07, 2025 at 10:00:49AM +0200, Jonas Karlman wrote:
> Hi Mikhail,
> 
> On 2025-06-07 00:31, Mikhail Kshevetskiy wrote:
> > load_simple_fit() returns -EPERM for the images with broken signatures.
> > Unfortunately this may conflict with image loading selection on the base
> > of boot phase. See commit 873112db9ce68c38984ff25808dde726f8dd5573
> > ("spl: Support selecting images based on phase in simple FIT").
> > 
> > Thus loading of
> > 
> > 	configurations {
> > 		uboot {
> > 			description = "u-boot";
> > 			firmware = "atf";
> > 			loadables = "atf", "tee", "uboot";
> > 		};
> > 	};
> > 
> > with damaged "tee" image may finish without errors. This may result in
> > board bricking. This should not happen.
> > 
> > The simplest way to resolve an issue is returning the different error
> > code for the cases of broken signature.
> > 
> > Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy at iopsys.eu>
> > ---
> >  common/spl/spl_fit.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
> > index ab277bb2baa..783bb84bdb5 100644
> > --- a/common/spl/spl_fit.c
> > +++ b/common/spl/spl_fit.c
> > @@ -322,7 +322,7 @@ static int load_simple_fit(struct spl_load_info *info, ulong fit_offset,
> >  		       fit_get_name(fit, node, NULL));
> >  		if (!fit_image_verify_with_data(fit, node, gd_fdt_blob(), src,
> >  						length))
> > -			return -EPERM;
> > +			return -EACCES;
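
Review bot: The new return -EACCES after the failed fit_image_verify_with_data() check has no comment explaining why this path must not return -EPERM, so a later cleanup could put the old value back and a verification failure would again look like the phase-selection case named in the commit message. Suggest a short comment above the return saying that -EPERM is reserved for phase-based skipping and that a failed verification must use a code no caller treats as "skip this image". It would also help to state in the commit message which callers of load_simple_fit() compare the result against -EPERM, since the fix only holds if none of them handle -EACCES the same way.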
> 
> I think a proper solution would be to fix the bad use of EPERM in the
> commit 873112db9ce6 ("spl: Support selecting images based on phase in
> simple FIT").
> 
> That commit should never have used EPERM in the first place, it should
> be reverted or its use of EPERM could be changed to something that is
> currently NOT used to block loading images that fail e.g. a signature
> check.

Instead of EPERM in the case from commit 873112db9ce6 how about
(skimming linux/errno.h):
#define EBADSLT         57      /* Invalid slot */

And use EBADSLT ?

-- 
Tom
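
A simplified model of the collision described in the quoted commit message, added here as an illustration (it is not U-Boot code and not from any participant in this thread). `struct img`, `load_one()` and `load_loadables()` are hypothetical names, and the model assumes the caller skips a loadable whenever it sees -EPERM.

```c
/* Simplified model of the error-code collision discussed in this thread.
 * Not U-Boot code: struct img, load_one() and load_loadables() are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct img {
    const char *name;
    bool wrong_phase;   /* image is meant for another boot phase */
    bool verify_ok;     /* result of the hash/signature check */
};

/* Returns 0 on success, -EPERM for "not for this phase",
 * and verify_err when verification of the image data fails. */
static int load_one(const struct img *i, int verify_err)
{
    if (i->wrong_phase)
        return -EPERM;
    if (!i->verify_ok)
        return verify_err;
    return 0;
}

/* Assumed caller behaviour: a phase mismatch is skipped, any other error aborts. */
static int load_loadables(const struct img *v, size_t n, int verify_err)
{
    for (size_t k = 0; k < n; k++) {
        int ret = load_one(&v[k], verify_err);
        if (ret == -EPERM) {
            printf("skipping %s\n", v[k].name);
            continue;   /* fail-open if verification also reports -EPERM */
        }
        if (ret)
            return ret;
    }
    return 0;
}

/* Constructed sample: the "tee" loadable is damaged. */
static const struct img sample[] = {
    { "atf", false, true }, { "tee", false, false }, { "uboot", false, true },
};

int main(void)
{
    printf("shared -EPERM:    %d\n", load_loadables(sample, 3, -EPERM));
    printf("distinct -EACCES: %d\n", load_loadables(sample, 3, -EACCES));
    return 0;
}
```

Whichever side of the collision gets the new value (the patch's -EACCES for verification, or a different code for the phase case as the replies propose), the property to test is the same: the "skip" code must be one that no verification path can return.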