From patchwork Wed Apr 29 13:26:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 238885 List-Id: U-Boot discussion From: philippe.reynes at softathome.com (Philippe Reynes) Date: Wed, 29 Apr 2020 15:26:17 +0200 Subject: [PATCH v3 2/2] rsa: sig: fix config signature check for fit with padding In-Reply-To: <1588166777-9610-1-git-send-email-philippe.reynes@softathome.com> References: <1588166777-9610-1-git-send-email-philippe.reynes@softathome.com> Message-ID: <1588166777-9610-3-git-send-email-philippe.reynes@softathome.com> The signature check on config node is broken on fit with padding. To compute the signature for config node, U-Boot compute the signature on all properties of requested node for this config, except for the property "data". But, when padding is used for binary in a fit, there isn't a property "data" but two properties: "data-offset" and "data-size". So to fix the check of signature, we also don't use the properties "data-offset" and "data-size" when checking the signature on config node. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- common/image-fit-sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changelog: v3: - rebase on master v2: - fix spelling in commit message (thanks Simon) diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c index 3e73578..a3a0c61 100644 --- a/common/image-fit-sig.c +++ b/common/image-fit-sig.c @@ -249,7 +249,7 @@ static int fit_config_check_sig(const void *fit, int noffset, int required_keynode, int conf_noffset, char **err_msgp) { - char * const exc_prop[] = {"data"}; + char * const exc_prop[] = {"data", "data-size", "data-position"}; const char *prop, *end, *name; struct image_sign_info info; const uint32_t *strings;