
Hi Patrick,
From: Patrick Oppenlander patrick.oppenlander@gmail.com
This patch addresses issue #2 for signed configurations.
-----8<-----
This "line" will be included in the commit message ;)
Including the image cipher properties in the configuration signature prevents an attacker from modifying cipher, key or iv properties.
Signed-off-by: Patrick Oppenlander patrick.oppenlander@gmail.com
Reviewed-by: Philippe Reynes philippe.reynes@softathome.com
Regards, Philippe
tools/image-host.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
diff --git a/tools/image-host.c b/tools/image-host.c
index e5417beee5..3d52593e36 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -744,6 +744,23 @@ static int fit_config_get_hash_list(void *fit, int conf_noffset, return -ENOMSG; }
- /* Add this image's cipher node if present */
- noffset = fdt_subnode_offset(fit, image_noffset,
- FIT_CIPHER_NODENAME);
- if (noffset != -FDT_ERR_NOTFOUND) {
- if (noffset < 0) {
- printf("Failed to get cipher node in configuration '%s/%s' image '%s': %s\n",
- conf_name, sig_name, iname,
- fdt_strerror(noffset));
- return -EIO;
- }
- ret = fdt_get_path(fit, noffset, path, sizeof(path));
- if (ret < 0)
- goto err_path;
- if (strlist_add(node_inc, path))
- goto err_mem;
- }
image_count++; }
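Review bot: The new block adds the cipher node path to `node_inc` on the signing side only (tools/image-host.c is the sole file in the diffstat), so the protection claimed in the commit message also depends on the verifier requiring that node to be in the signed set for an encrypted image. That is not visible in this hunk and is worth confirming with a regression test that changes a cipher property after signing and expects verification to fail. The comment could also record the reason rather than the action, for example `/* Sign the cipher node so its cipher, key and iv properties cannot be changed after signing */`. The `err_path` and `err_mem` labels and the rest of fit_config_get_hash_list lie outside the hunk. The added lines carry `-` markers on this page, but the hunk header (`+744,23`) and the diffstat (17 insertions) indicate they are additions.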
-- 2.27.0