rsa: sig: fix config signature check for fit with padding

The signature check on config node is broken on fit with padding. To compute the signature for config node, U-Boot compute the signature on all properties of requested node for this config, except for the property "data". But, when padding is used for binary in a fit, there isn't a property "data" but two properties: "data-offset" and "data-size". So to fix the check of signature, we also don't use the properties "data-offset" and "data-size" when checking the signature on config node. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2024-11-10 07:04:28 +00:00 · 2020-04-29 15:26:17 +02:00 · 2020-04-29 15:26:17 +02:00 · c522949a29
commit c522949a29
parent eb7690e81f
1 changed files with 1 additions and 1 deletions
--- a/common/image-fit-sig.c
+++ b/common/image-fit-sig.c
@ -249,7 +249,7 @@ static int fit_config_check_sig(const void *fit, int noffset,
 				int required_keynode, int conf_noffset,
 				char **err_msgp)
 {
-	char * const exc_prop[] = {"data"};
+	char * const exc_prop[] = {"data", "data-size", "data-position"};
 	const char *prop, *end, *name;
 	struct image_sign_info info;
 	const uint32_t *strings;