[PATCH v2 4/7] tools: mkimage: add dm-verity Merkle-tree generation

Simon Glass sjg at chromium.org
Thu Apr 16 21:36:33 CEST 2026


Hi Daniel,

On 2026-04-16T01:46:15, Daniel Golle <daniel at makrotopia.org> wrote:
> tools: mkimage: add dm-verity Merkle-tree generation
>
> When mkimage encounters a dm-verity subnode inside a component image
> node it now automatically invokes veritysetup(8) with --no-superblock
> to generate the Merkle hash tree, screen-scrapes the Root hash and Salt
> from the tool output, and writes the computed properties back into the
> FIT blob.
>
> The user only needs to specify algorithm, data-block-size, and
> hash-block-size in the ITS; mkimage fills in digest, salt,
> num-data-blocks, and hash-start-block.  Because --no-superblock is
> used, hash-start-block equals num-data-blocks with no off-by-one.
>
> The image data property is replaced with the expanded content (original
> data followed directly by the hash tree) so that subsequent hash and
> signature subnodes operate on the complete image.
>
> fit_image_add_verification_data() is restructured into two passes:
> dm-verity first (may grow data), then hashes and signatures.
>
> [...]

> diff --git a/tools/image-host.c b/tools/image-host.c
> @@ -626,6 +629,309 @@ int fit_image_cipher_data(const char *keydir, void *keydest,
> +     uint32_t hash_start_block;
> ...
> +     /* hash tree starts immediately after data (no superblock) */
> +     hash_start_block = hash_offset / hash_block_size;
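
Review bot: the division in `hash_start_block = hash_offset / hash_block_size;` rounds down, so when hash_offset is not a multiple of hash_block_size (possible once hash-block-size is larger than data-block-size) the stored index points before the start of the tree rather than at it. Suggest rejecting a non-zero `hash_offset % hash_block_size` ahead of this line. Since the destination is declared `uint32_t hash_start_block;`, the quotient should also be held in a 64-bit temporary and range-checked before the assignment, so that a wider hash_offset cannot be narrowed silently.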

The check for num_data_blocks overflow doesn't protect against
hash_start_block overflow when hash-block-size < data-block-size. For
example, if data_block_size is 4096 and hash_block_size is 512,
hash_start_block can be 8x larger than num_data_blocks. Please can you
add a similar overflow check for hash_start_block?

Regards,
Simon
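
Added example, not part of the patch or of the reply above: one way to derive both block indices in 64-bit arithmetic and range-check each before narrowing to uint32_t, covering the hash-block-size < data-block-size case raised above. The helper name, the struct and the alignment policy are assumptions of this example, as is the premise that the tree starts at the byte offset where the data ends.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type; field names follow the FIT properties. */
struct verity_layout {
	uint32_t num_data_blocks;
	uint32_t hash_start_block;
};

/* Hypothetical helper: returns 0 on success, -1 if the geometry is unusable. */
int verity_layout_calc(uint64_t data_size, uint32_t data_bs, uint32_t hash_bs,
		       struct verity_layout *out)
{
	uint64_t ndb, hsb;

	/* Block sizes: non-zero powers of two (also rules out division by 0). */
	if (!data_bs || (data_bs & (data_bs - 1)) ||
	    !hash_bs || (hash_bs & (hash_bs - 1)))
		return -1;
	/* Assumed policy: data is a whole number of data blocks. */
	if (data_size % data_bs)
		return -1;
	/* Tree starts where data ends; that offset must be hash-block aligned,
	 * otherwise offset / hash_bs would round down into the data area. */
	if (data_size % hash_bs)
		return -1;

	ndb = data_size / data_bs;
	hsb = data_size / hash_bs;
	/* Check each quotient on its own: with hash_bs < data_bs, hsb is
	 * data_bs / hash_bs times larger than ndb and can overflow alone. */
	if (ndb > UINT32_MAX || hsb > UINT32_MAX)
		return -1;

	out->num_data_blocks = (uint32_t)ndb;
	out->hash_start_block = (uint32_t)hsb;
	return 0;
}

int main(void)
{
	struct verity_layout l;
	/* Constructed input: 4 TiB of data, 4096-byte data / 512-byte hash blocks. */
	int ret = verity_layout_calc(1ULL << 42, 4096, 512, &l);

	printf("4 TiB, 4096/512: %s\n", ret ? "rejected" : "accepted");
	return 0;
}
```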
