diff mbox series

[v2,08/14] image: Load the correct configuration in fit_check_sign

Message ID 20200318174408.77473-9-sjg@chromium.org
State Accepted
Commit 8a9d03732e6d0f68107c80919096e7cf956dcb3d
Headers show
Series vboot: Fix forged-configuration vulnerability | expand

Commit Message

Simon Glass March 18, 2020, 5:44 p.m. UTC
At present bootm_host_load_images() is passed the configuration that has
been verified, but ignores it and just uses the default configuration.
This may not be the same.

Update this function to use the selected configuration.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

Changes in v2: None

 common/bootm.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/common/bootm.c b/common/bootm.c
index 902c13880d..db4362a643 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -819,7 +819,8 @@  void __weak switch_to_non_secure_mode(void)
 #else /* USE_HOSTCC */
 
 #if defined(CONFIG_FIT_SIGNATURE)
-static int bootm_host_load_image(const void *fit, int req_image_type)
+static int bootm_host_load_image(const void *fit, int req_image_type,
+				 int cfg_noffset)
 {
 	const char *fit_uname_config = NULL;
 	ulong data, len;
@@ -831,6 +832,7 @@  static int bootm_host_load_image(const void *fit, int req_image_type)
 	void *load_buf;
 	int ret;
 
+	fit_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
 	memset(&images, '\0', sizeof(images));
 	images.verify = 1;
 	noffset = fit_image_load(&images, (ulong)fit,
@@ -878,7 +880,7 @@  int bootm_host_load_images(const void *fit, int cfg_noffset)
 	for (i = 0; i < ARRAY_SIZE(image_types); i++) {
 		int ret;
 
-		ret = bootm_host_load_image(fit, image_types[i]);
+		ret = bootm_host_load_image(fit, image_types[i], cfg_noffset);
 		if (!err && ret && ret != -ENOENT)
 			err = ret;
 	}