small Issue with u-boot/tools/key2dtsi.py
Jan Kiszka
jan.kiszka at siemens.com
Fri Oct 31 10:36:06 CET 2025
On 31.10.25 10:07, Hans Gfirtner (Nokia) wrote:
> Hi Jan, all
>
> I experienced an issue with some public keys (probability ~0,5%): u-boot fails to load the secure kernel image.
>
> There is a small flaw in the script: imagine you calculated an “rsa,r-squared” value with a leading zero; then this script outputs just 255 values for it, without the leading 00.
> I tested this with a script generating hundreds of keys and observed this error with approximately 0.5% chance (matching the probability of having 00 in the first place).
> I fixed this locally in our u-boot by adding ", 256" to make sure leading zeros will also be generated:
>
> out.write('\t\t\trsa,r-squared = [{}];\n'.format(int_to_bytestr(r_squared, 256)))

Well, that may only help for certain key sizes. What if r_squared needs
more than 256 bytes?
>
> An example for a problematic public key (generated with openssl) to reproduce the issue would be:
>
Thanks for the report. I just sent a patch that is supposed to fix the
root cause.
Jan
--
Siemens AG, Foundational Technologies
Linux Expert Center
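
The truncation discussed in this thread, as an added example that is not part of the thread, of key2dtsi.py or of the patch mentioned above: it compares a minimal-length encoding of r-squared with one padded to the modulus size, which also covers keys larger than 2048 bits. All function names are hypothetical, the moduli are constructed odd integers rather than real RSA keys, and r-squared is assumed to be (2^bits)^2 mod n.

```python
import random


def r_squared(n):
    """Assumed definition: (2^bits)^2 mod n, bits = bit length of modulus n."""
    return pow(2, 2 * n.bit_length(), n)


def encode_minimal(value):
    """Big-endian bytes sized from the value itself: leading 00 bytes are lost."""
    return value.to_bytes(max(1, (value.bit_length() + 7) // 8), 'big')


def encode_fixed(value, n):
    """Big-endian bytes padded to the byte size of the modulus n."""
    return value.to_bytes((n.bit_length() + 7) // 8, 'big')


def find_short_r_squared(bits, seed=1):
    """Search constructed moduli for one whose r-squared starts with a 00 byte.

    Returns (modulus, number of candidates tried). The candidates are random
    odd integers with the top bit set, not real RSA keys.
    """
    rng = random.Random(seed)
    tries = 0
    while True:
        tries += 1
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if r_squared(n) < (1 << (bits - 8)):
            return n, tries


def as_dts_bytes(data):
    """Format bytes the way a devicetree byte-array property lists them."""
    return ' '.join('{:02x}'.format(b) for b in data)


if __name__ == '__main__':
    for bits in (2048, 4096):
        n, tries = find_short_r_squared(bits)
        rs = r_squared(n)
        short, padded = encode_minimal(rs), encode_fixed(rs, n)
        print('{} bits: hit after {} candidates'.format(bits, tries))
        print('  minimal encoding: {} bytes'.format(len(short)))
        print('  padded encoding:  {} bytes, starts {} ...'.format(
            len(padded), as_dts_bytes(padded[:4])))
```

A consumer that expects exactly key-size bytes in the property sees a short array in the minimal case, while the padded form keeps the length constant for any key size.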