On 10/12/22 08:59, Simon Glass wrote:
Hi Sean,
On Tue, 11 Oct 2022 at 15:52, Sean Anderson <sean.ander...@seco.com> wrote:
Just like we exclude data-size, data-position, and data-offset from
fit_config_check_sig, we must exclude them while signing as well.
Fixes: 8edecd3110e ("fit: Fix verification of images with external data")
Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding")
Signed-off-by: Sean Anderson <sean.ander...@seco.com>
---
tools/image-host.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/image-host.c b/tools/image-host.c
index 698adfb3e1d..5ba6e3bbce0 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -917,7 +917,12 @@ static int fit_config_get_regions(const void *fit, int
conf_noffset,
int *region_countp, char **region_propp,
int *region_proplen)
{
- char * const exc_prop[] = {"data"};
+ char * const exc_prop[] = {
+ "data",
+ "data-size",
+ "data-position",
+ "data-offset"
+ };
struct strlist node_inc;
struct image_region *region;
struct fdt_region fdt_regions[100];
--
2.35.1.1320.gc452695387.dirty
It looks like we should be able to use FIT_DATA_POSITION_PROP (etc.) here?
Probably. fit_config_check_sig would also need to be updated.
--Sean
