| Message ID | 1585320900-5628-3-git-send-email-philippe.reynes@softathome.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | test/py: vboot: fix signature check on config node | expand |
Hi Philippe, On Fri, 27 Mar 2020 at 08:55, Philippe Reynes <philippe.reynes at softathome.com> wrote: > > The signature check on config node is broken on fit with padding. > To compute the signature for config node, u-boot compute the U-Boot > signature on all properties of requested node for this config, > except for the property "data". But, when padding is used for > binary in a fit, there isn't a property "data" but two properties: > "data-offset" and "data-size". So to fix the check of signature, > we also dont use the properties "data-offset" and "data-size" don't > when checking the signature on config node. > > Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com> > --- > common/image-sig.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Reviewed-by: Simon Glass <sjg at chromium.org> > diff --git a/common/image-sig.c b/common/image-sig.c > index 639a112..8a0ea28 100644 > --- a/common/image-sig.c > +++ b/common/image-sig.c > @@ -362,7 +362,7 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, > int fit_config_check_sig(const void *fit, int noffset, int required_keynode, > char **err_msgp) > { > - char * const exc_prop[] = {"data"}; > + char * const exc_prop[] = {"data", "data-size", "data-position"}; > const char *prop, *end, *name; > struct image_sign_info info; > const uint32_t *strings; > -- > 2.7.4 >
diff --git a/common/image-sig.c b/common/image-sig.c index 639a112..8a0ea28 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -362,7 +362,7 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, int fit_config_check_sig(const void *fit, int noffset, int required_keynode, char **err_msgp) { - char * const exc_prop[] = {"data"}; + char * const exc_prop[] = {"data", "data-size", "data-position"}; const char *prop, *end, *name; struct image_sign_info info; const uint32_t *strings;
The signature check on config node is broken on fit with padding. To compute the signature for config node, u-boot compute the signature on all properties of requested node for this config, except for the property "data". But, when padding is used for binary in a fit, there isn't a property "data" but two properties: "data-offset" and "data-size". So to fix the check of signature, we also dont use the properties "data-offset" and "data-size" when checking the signature on config node. Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com> --- common/image-sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)