Just like we exclude data-size, data-position, and data-offset from
fit_config_check_sig, we must exclude them while signing as well.
While we're at it, use the FIT_DATA_* defines for fit_config_check_sig
as welll.
Fixes: 8edecd3110e ("fit: Fix verification of images with external data")
Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding")
Signed-off-by: Sean Anderson
---
Changes in v2:
- Use FIT_DATA_* defines
boot/image-fit-sig.c | 8
tools/image-host.c | 7 ++-
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c
index a461d591a0e..12369896fe3 100644
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@@ -260,10 +260,10 @@ static int fit_config_check_sig(const void *fit, int
noffset, int conf_noffset,
char **err_msgp)
{
static char * const exc_prop[] = {
- "data",
- "data-size",
- "data-position",
- "data-offset"
+ FIT_DATA_PROP,
+ FIT_DATA_SIZE_PROP,
+ FIT_DATA_POSITION_PROP,
+ FIT_DATA_OFFSET_PROP,
};
const char *prop, *end, *name;
diff --git a/tools/image-host.c b/tools/image-host.c
index 698adfb3e1d..4a4e1c10d1e 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -917,7 +917,12 @@ static int fit_config_get_regions(const void *fit, int
conf_noffset,
int *region_countp, char **region_propp,
int *region_proplen)
{
- char * const exc_prop[] = {"data"};
+ char * const exc_prop[] = {
+ FIT_DATA_PROP,
+ FIT_DATA_SIZE_PROP,
+ FIT_DATA_POSITION_PROP,
+ FIT_DATA_OFFSET_PROP,
+ };
struct strlist node_inc;
struct image_region *region;
struct fdt_region fdt_regions[100];
--
2.35.1.1320.gc452695387.dirty
