small Issue with u-boot/tools/key2dtsi.py
Hans Gfirtner (Nokia)
hans.gfirtner at nokia.com
Fri Oct 31 10:07:10 CET 2025
Hi jan, all
I experienced an issue with some public keys (probability ~0,5%) u-boot fails to load secure kernel image:
There is a small flaw in the script, imagine you calculated a “rsa, r-squared” value with leading zero, then this script outputs just 255 values for it, without the leading 00.
I tested this with a script generating hundreds of keys and observed this error with approximately 0.5% chance (matching to the probability of having 00 in first place).
I fixed this locally in our u-boot by adding ", 256" to make sure leading zeros will also be generated:
out.write('\t\t\trsa,r-squared = [{}];\n'.format(int_to_bytestr(r_squared, 256)))
An example for a problematic public key (generated with openssl) to reproduce the issue would be:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FeZKqBPrnGw3PgvfJ7a
ajFUMt94MIBsW5movhjKfdCqHJt0oS/bQWAeOEzW7eaAU9RnQev8ud+WgyVuKyrz
AaUZ6gpQC4V/Ll3Z1k06JXGInCxTVaOQh/A3fCgntqQmyotK6UeE/Xe9uvQ7Olw7
n+d1nyGWWTrWt5wqQ2HRCyiDtD9kSMYoM9rKlU301oJOCBKZlvHJz+zP3jNz52ZB
SFe3daaYmbIGz4mDTigJjGEh2BA8M+rT+/JkAUqUBC07wC+DsuNpr/A8QSTWs1Lk
YwpUuzTaDij/UN1gJ/Xw2NMEkQMAbz6F4U4TbBez6/zDa52i/LmRn4A1nxy7agY8
kwIDAQAB
-----END PUBLIC KEY-----
BR
Hans
More information about the U-Boot
mailing list