From 0abe3323f5062032f8deb71cdc0635b124855d16 Mon Sep 17 00:00:00 2001 From: Sean Anderson Date: Thu, 20 Oct 2022 15:41:10 -0400 Subject: [PATCH] mkimage: fit: Fix signing of configs with external data Just like we exclude data-size, data-position, and data-offset from fit_config_check_sig, we must exclude them while signing as well. While we're at it, use the FIT_DATA_* defines for fit_config_check_sig as welll. Fixes: 8edecd3110e ("fit: Fix verification of images with external data") Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding") Signed-off-by: Sean Anderson Reviewed-by: Simon Glass --- boot/image-fit-sig.c | 8 ++++---- tools/image-host.c | 7 ++++++- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c index a461d59..1236989 100644 --- a/boot/image-fit-sig.c +++ b/boot/image-fit-sig.c @@ -260,10 +260,10 @@ static int fit_config_check_sig(const void *fit, int noffset, int conf_noffset, char **err_msgp) { static char * const exc_prop[] = { - "data", - "data-size", - "data-position", - "data-offset" + FIT_DATA_PROP, + FIT_DATA_SIZE_PROP, + FIT_DATA_POSITION_PROP, + FIT_DATA_OFFSET_PROP, }; const char *prop, *end, *name; diff --git a/tools/image-host.c b/tools/image-host.c index 0bf18df..4e0512b 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -915,7 +915,12 @@ static int fit_config_get_regions(const void *fit, int conf_noffset, int *region_countp, char **region_propp, int *region_proplen) { - char * const exc_prop[] = {"data"}; + char * const exc_prop[] = { + FIT_DATA_PROP, + FIT_DATA_SIZE_PROP, + FIT_DATA_POSITION_PROP, + FIT_DATA_OFFSET_PROP, + }; struct strlist node_inc; struct image_region *region; struct fdt_region fdt_regions[100]; -- 2.7.4