According to the documentation (for example NXP's AN13994 on encrypted
boot on AHAB-enabled devices), the format of the signature block is:
+--------------+--------------+--------------+-------------+
| Tag | Length - msb | Length - lsb | Version |
+--------------+--------------+--------------+-------------+
| SRK Table offset | Certificate offset |
+-----------------------------+----------------------------+
| Blob offset | Signature offset |
+-----------------------------+----------------------------+
There is no runtime error in the current u-boot code. The only user of
struct signature_block_hdr is the "get_container_size" function in the
"arch/arm/mach-imx/image-container.c" file, and it's only using the very
first fields of the struct (which are in the correct position) and thus
there is no runtime failure.
On the other hand, extending the code to get the data encryption key
blob offset on the signature header gives a wrong value as the field is
in the wrong order.
Signed-off-by: Javier Viguera <javier.vigu...@digi.com>
---
Notes:
v2:
- Improve commit log
include/imx_container.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/imx_container.h b/include/imx_container.h
index 54cd684e35d5..691c764b3e5b 100644
--- a/include/imx_container.h
+++ b/include/imx_container.h
@@ -50,10 +50,10 @@ struct signature_block_hdr {
u8 length_lsb;
u8 length_msb;
u8 tag;
- u16 srk_table_offset;
u16 cert_offset;
- u16 blob_offset;
+ u16 srk_table_offset;
u16 signature_offset;
+ u16 blob_offset;
u32 reserved;
} __packed;
