diff mbox series

[2/2] rsa: sig: fix config signature check for fit with padding

Message ID 1585320900-5628-3-git-send-email-philippe.reynes@softathome.com
State Superseded
Headers show
Series test/py: vboot: fix signature check on config node | expand

Commit Message

Philippe REYNES March 27, 2020, 2:55 p.m. UTC
The signature check on config node is broken on fit with padding.
To compute the signature for config node, u-boot compute the
signature on all properties of requested node for this config,
except for the property "data". But, when padding is used for
binary in a fit, there isn't a property "data" but two properties:
"data-offset" and "data-size". So to fix the check of signature,
we also dont use the properties "data-offset" and "data-size"
when checking the signature on config node.

Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
---
 common/image-sig.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Simon Glass March 27, 2020, 7:44 p.m. UTC | #1
Hi Philippe,

On Fri, 27 Mar 2020 at 08:55, Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> The signature check on config node is broken on fit with padding.
> To compute the signature for config node, u-boot compute the

U-Boot

> signature on all properties of requested node for this config,
> except for the property "data". But, when padding is used for
> binary in a fit, there isn't a property "data" but two properties:
> "data-offset" and "data-size". So to fix the check of signature,
> we also dont use the properties "data-offset" and "data-size"

don't

> when checking the signature on config node.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
>  common/image-sig.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>

Reviewed-by: Simon Glass <sjg at chromium.org>


> diff --git a/common/image-sig.c b/common/image-sig.c
> index 639a112..8a0ea28 100644
> --- a/common/image-sig.c
> +++ b/common/image-sig.c
> @@ -362,7 +362,7 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
>  int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
>                          char **err_msgp)
>  {
> -       char * const exc_prop[] = {"data"};
> +       char * const exc_prop[] = {"data", "data-size", "data-position"};
>         const char *prop, *end, *name;
>         struct image_sign_info info;
>         const uint32_t *strings;
> --
> 2.7.4
>
diff mbox series

Patch

diff --git a/common/image-sig.c b/common/image-sig.c
index 639a112..8a0ea28 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -362,7 +362,7 @@  int fit_image_verify_required_sigs(const void *fit, int image_noffset,
 int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
 			 char **err_msgp)
 {
-	char * const exc_prop[] = {"data"};
+	char * const exc_prop[] = {"data", "data-size", "data-position"};
 	const char *prop, *end, *name;
 	struct image_sign_info info;
 	const uint32_t *strings;