From bf78a57e9a84ef4c882acd8c8710d364ed90730e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pali=20Roh=C3=A1r?= Date: Sun, 29 Jan 2023 14:33:36 +0100 Subject: [PATCH] tools: kwbimage: Fix generating secure boot data image signature MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Secure boot data image signature is calculated from the data image without trailing 4-bit checksum. Commit 37cb9c15d70d ("tools: kwbimage: Simplify aligning and calculating checksum") unintentionally broke this calculation when it increased payloadsz variable by 4 bytes which was propagated also into the add_secure_header_v1() function. Fix this issue by decreasing size of buffer by 4 bytes from which is calculated secure boot data image signature. Fixes: 37cb9c15d70d ("tools: kwbimage: Simplify aligning and calculating checksum") Signed-off-by: Pali Rohár --- tools/kwbimage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/kwbimage.c b/tools/kwbimage.c index b32f845..a8a59c1 100644 --- a/tools/kwbimage.c +++ b/tools/kwbimage.c @@ -1355,7 +1355,7 @@ static int add_secure_header_v1(struct image_tool_params *params, uint8_t *image if (kwb_sign_csk_with_kak(params, secure_hdr, csk)) return 1; - if (kwb_sign_and_verify(csk, image_ptr, image_size, + if (kwb_sign_and_verify(csk, image_ptr, image_size - 4, &secure_hdr->imgsig, "image") < 0) return 1; -- 2.7.4