On Thu, Apr 4, 2024 at 12:11 PM Javier Viguera javier.viguera@digi.com wrote:
According to the documentation (for example NXP's AN13994 on encrypted boot on AHAB-enabled devices), the format of the signature block is:
+--------------+--------------+--------------+-------------+ | Tag | Length - msb | Length - lsb | Version | +--------------+--------------+--------------+-------------+ | SRK Table offset | Certificate offset | +-----------------------------+----------------------------+ | Blob offset | Signature offset | +-----------------------------+----------------------------+
There is no runtime error in the current u-boot code. The only user of struct signature_block_hdr is the "get_container_size" function in the "arch/arm/mach-imx/image-container.c" file, and it's only using the very first fields of the struct (which are in the correct position) and thus there is no runtime failure.
On the other hand, extending the code to get the data encryption key blob offset on the signature header gives a wrong value as the field is in the wrong order.
Signed-off-by: Javier Viguera javier.viguera@digi.com
Applied, thanks.