When running the test case testPreLoadEncryptedFit, mkimage has been called multiple times. Each call to Entry_fit's GetData falls into Entry_fit's BuildSectionData then mkimage is called. The last mkimage is called after the image has been signed with the preload key. As mkimage uses a random IV for encryption and the timestamps may differ, There is a mismatch between the previously calculated signature and the final fit included in the image.
During ProcessImage, how can one tell when exactly a fit is well generated, and stop the useless mkimage afterwards? Paul HENRYS (2): binman: Generate the preload header and sign the data only once tools: binman: Test signing an encrypted FIT with a preload header yan wang (1): binman: Fix signing an encryted FIT with a preload key tools/binman/etype/pre_load.py | 12 ++-- tools/binman/ftest.py | 17 +++++ tools/binman/image.py | 10 +++ .../test/336_pre_load_fit_encrypted.dts | 63 +++++++++++++++++++ 4 files changed, 96 insertions(+), 6 deletions(-) create mode 100644 tools/binman/test/336_pre_load_fit_encrypted.dts -- 2.25.1
