From patchwork Tue Oct 11 21:52:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Anderson X-Patchwork-Id: 1688954 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=seco.com header.i=@seco.com header.a=rsa-sha256 header.s=selector1 header.b=X2QePGBK; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Mn8f92Kxrz23k1 for ; Wed, 12 Oct 2022 08:52:49 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 40CAA84F13; Tue, 11 Oct 2022 23:52:46 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=seco.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=seco.com header.i=@seco.com header.b="X2QePGBK"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1103284F15; Tue, 11 Oct 2022 23:52:45 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2053.outbound.protection.outlook.com [40.107.20.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id CDE6F84D2F for ; Tue, 11 Oct 2022 23:52:42 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=seco.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sean.anderson@seco.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eLdPAfQQfc/S5iR/CUSbdIqFXNNFiGURRA0i48II7dMb+cAhWUJ8nPYiLVIlZXWSXDqXJHP1GZHGq//bKDQmclFf1UDdK/cgFhA4hotzINu/CWw8zUuxiZSK/1fYe0qiNRorYdirOnnzu7KbDCHCrEDrkGa0p7MXuNTNYcT//3i+omT3uyaKqdId7j6TNeU4kFomP5HrSz5v88Cr2J2Pfxh6BsbMGQvbw/nnPEy/TkHkkn3SNTzyxooRcEFbgWhYAWdFFmskJ6SG7Ae939SXPk9JpMmCWonPnZSjDPaAmUz8OoY4PVSadAGLLn2q07AOn8LGvMN+CRxNalwwrEfz4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9s8BhYfpyyuW4BBOQr/GxfNIBQ2VNtXV5wLzXnSuh6k=; b=Im8SEVjf2LP96eJLPSN+SHXneMQqSeCJOQwuGJx/UmUgmWxvV1JIt84E1tmtwUNmxcSkh4i+TOtYc5PiecVMaBGenR/3NnmdJwZjmy7/5sZ9sNEGFLMMhpHiClyVs1l64e2rwrpnwQpm6boR/9L9b3TlC0V108bX/8+1V68AFLBLQHw2syRd2La4BGtG1gDxY4FHhoNL72NkuyOKKl3RYbHlU22O8tMcRgyldvf7mGdaixpB+O6ojeRX86sMAvlEvEsXBPrpSxa9+eRzk2XAHQF/bXxphThkWQgU/iMTzFDbavdAqIqHZ3wdiDxoyql6CeFBoZEM8ID8LAyTw0bH5g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=seco.com; dmarc=pass action=none header.from=seco.com; dkim=pass header.d=seco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9s8BhYfpyyuW4BBOQr/GxfNIBQ2VNtXV5wLzXnSuh6k=; b=X2QePGBKr0jDFpnCHTPbGQ+7GWROrOC3XrLDcebsrO+1viIZ+8JRThdDhPlqjMAeuzbA/DomhB3a07fI00FCr6PTCCfBsVBmpe8L3kqel0ACGBFFUw6Cn8PeP3Yf9Dt0XkXP7xnR4Oyqc+p0i2hj6vO5CS+wbm6MTwe8htiIPL623aV9kDiUgj9+J6DY3WEA4vuwnUuRXQZjEpS0SzDfp8YiUEZWN1/SHjBmz9LDlX2wn5oRc47B2Dgym3LIRs/o7P8IRwf/Pv1AXZG0YcXrsn2EId9Zc4nWqHRr/En6e43Oc4ugag83olyBtkcv4t8LDrOEVKQHFMj9qwQ+Etb27Q== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=seco.com; Received: from DB7PR03MB4972.eurprd03.prod.outlook.com (2603:10a6:10:7d::22) by PAVPR03MB9656.eurprd03.prod.outlook.com (2603:10a6:102:316::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5709.21; Tue, 11 Oct 2022 21:52:41 +0000 Received: from DB7PR03MB4972.eurprd03.prod.outlook.com ([fe80::204a:de22:b651:f86d]) by DB7PR03MB4972.eurprd03.prod.outlook.com ([fe80::204a:de22:b651:f86d%6]) with mapi id 15.20.5709.015; Tue, 11 Oct 2022 21:52:41 +0000 From: Sean Anderson To: u-boot@lists.denx.de, Simon Glass Cc: Philippe Reynes , John Keeping , Sean Anderson Subject: [PATCH] mkimage: fit: Fix signing of configs with external data Date: Tue, 11 Oct 2022 17:52:31 -0400 Message-Id: <20221011215231.4133441-1-sean.anderson@seco.com> X-Mailer: git-send-email 2.35.1.1320.gc452695387.dirty X-ClientProxiedBy: BLAPR03CA0075.namprd03.prod.outlook.com (2603:10b6:208:329::20) To DB7PR03MB4972.eurprd03.prod.outlook.com (2603:10a6:10:7d::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB7PR03MB4972:EE_|PAVPR03MB9656:EE_ X-MS-Office365-Filtering-Correlation-Id: f86cce41-e170-41ac-2001-08daabd2ebd8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ojywlfUPiQNToTRo/EiUlL6C3a7JtfAdPk23pIKPA7w+R/xQTgsN9UDpAGbkH3LX4OkgIpMtaTCMDLWa75HkWtpwUdjzGDdgeeZiPIbdby2KqoGnIVPb7Dopoj73zLmHIKqHGYdeYOzuhRiTfY5zleDHILCohI6IGYCZN13/qOSIYJjYvGCbX6Z5dXySM+dVdKWJ58hIyvrPT0TzYu1nFkQ59FVbSrPZd37Lo2zIX/RptcMSZmATKcSBFk+mAu/bKArEDpLQsE98zIbc39aclCoVCSwN6a9X9jF4i4HiMs0pQYzU8ftcJ3IQZ9+yFDvb2BcseoXZBAOul6FUsI9u+nF74wrhQClweTJiH8sH2IU2Na4gRSBgp8HKOe7GthEr7khSjlT/5Ud0wgo+gxPHj/fk+XykpdQWdxxYtkY351OZV7kEL9MhkBxk3CscJnsoaM+mlCOfuy1Fk5+jlfSQaUoXqgIQ9sdtduNzl7ZpMWzVzlOSP2Iyb/HNjTgpTA1uklPR0wKS3iGKIWJgx+PvGUJFwH3+V8tl6CV0OMh9bUv3Mx+R95gc53rh1uHj4CUiwDIcrasY5f/5bseI9piAdVmgFU39wGyt6tEePzOADPR1mxO0buVDBH/9rPaFUPnWA/rCxLirZQWmZr4j0DzhVAVlMCYqUoTOu/zMFR6Ayt5z08gPBB0Ftx73U/wjUpbQCvLg46wymLIdeFulsJjkRGE+XVF8x6yBz9Fc6Kf9Sj3SP6LmSh12W2+9IDvOdZeWEKo+DnvaBYbXK0ILzJLV4Q== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR03MB4972.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(396003)(366004)(346002)(39850400004)(136003)(376002)(451199015)(6512007)(26005)(38100700002)(38350700002)(316002)(6916009)(86362001)(6486002)(8676002)(54906003)(36756003)(83380400001)(52116002)(2616005)(6666004)(107886003)(1076003)(186003)(6506007)(478600001)(5660300002)(44832011)(41300700001)(4744005)(2906002)(8936002)(66556008)(66946007)(4326008)(66476007); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: pw0goZbELxahoKD5sQGklK0F83gB9MRsLJ9bQVueyF9tQ41JXXT0QW+GSL8P4fKMd1FW2dF0VGWjet3sFopBjmYcQ13cCTKLvhGpO4SGwp/kuiPHaZbn4QCytEu8qnxBGuSAHPDkoPvOPI6NU453c+k/gjxe93L0rkflwbotihKIId3aVCoub2JIJohs5ITDykTgkNB2+AF0JPh9LbsRxg64CGaprvv5OE9wxDiR52RUl+hlvCbwgljbcx6MyrYi48lV8ug6jTJT9JUX1t/UgE9nXO+RAG+vVTxASMS/34XN3HyUt8Jvlq6dTpNeDNlC1BHZTG7BphYgI93MPOUYS6Y49NFSYUbqaxR1AWA63rwhhNRIic+FRstjif7Ut2P1nRCaQ/iuHxZhtV/m/Il/oPodgJBLjz7F9OZYEW39JU/AsCE30lachftZsjDfh72evRMSJRSJjAoZi+31+M8ezjBY1NkHSIcKvvSgdVrLPyNwE8zobzEKfOy5vW/J/2j1QObSlhnrMRFiMK+YUeIc/o2qagT7w/fjkDXWOTDrY6tVb50hLNSwisHI4xSaUpAr8UlOsjwbjnazUjaim638HG+tC+8MPr5+YqV1BWCSvLUws/O7xhGADqqPfsZuF4oOMs/i2+AO85/6bTXw+RAg5pSdp3hKygLwMNGQ5h8cZ9PITAVTbUN4k9eRquqmJRfvZpm3F2lD/AxogM2w3qN+wUxqh6Fp7AZzU3tRVX04C4zYmod6amD1Q8unPoLOrgvBsolgo5PH0eLWfesQA/ML9KtmLGYwhNDH/1uk+2wV8c3tzx4zgUNOv3ItMHOTsN5RF5WjpskJX7fI+5dy7+3c6pKbL5JMx6jNW2cphjjpHBkP85k6ChB1Gc7TEOL69U0fnHIls5ly5wYBuh5UrAycOxbTbWVlkVT1/TgCjOcQdWLh3D4KGyfH54XfF8NxGAacKOhwFCZ9awLthaoHEeM4jtDYzBCdnOReeIpgKBgK6BzI7ORC0cTqIBZtGmGZZbsTxvxtT/B4D7g/H4TH8sOZIGdRpI+6lWD79qxH76WsujhYzebj6ezJ1jDD4RVenyJ7OVpEKNcXuqm1YCskgheqoPiBYMBR/NtaB5x8EGWUfiSIYF13uuNFwbJWD2VuVhbs1eMyMHX4uQFD7P5nguwt6KSah5d8SgYJI6Pp1J22AuXvrRuyPTwA2oMM+x35W+KxWG6wsdR+u51nD0ciNB+o0g2c5B47m40pmZVsAVisozgcwTF/ZVcF/7B6N0xOrSN4iqH25vudJFC2qgWrDFC3ZmCtaR9To5TsMtuGVit5jv3ulvK3+TD85WZmVO5JzMihsoSTBYYCMLq9yvSAp4Zooyj0UvPN7DxBWJQeiK7WbCMBWbEBpJx8LCo0snR5Voy8X99rRCMMEUfpMLdkDztkgwxYR1kBbXFBN84UOugetnyS5mKRaHXm6OatsyXNthbL/fKT5osTTyo0j8sJJWhUmEggustGIHiEgZrmfP3BHWmR8UXIZnE1JZT9d7WWVg+6LIbvILP3yVVWDAJBervJvLhzDBqvirqRrHPAylFW6Y/jK3tFZioxtFnyvZ6512wA+AuqagXAqVzvdiJwCshGZg== X-OriginatorOrg: seco.com X-MS-Exchange-CrossTenant-Network-Message-Id: f86cce41-e170-41ac-2001-08daabd2ebd8 X-MS-Exchange-CrossTenant-AuthSource: DB7PR03MB4972.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Oct 2022 21:52:41.6512 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: bebe97c3-6438-442e-ade3-ff17aa50e733 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: YnEDT4a/nhmOy4DtThJERad/LzQEU8v7TL2tn04rAZh9ZwfyHu0SCMoTxi7b9QtlkwJ85SHReYuIpaaR+ynGQA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAVPR03MB9656 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean Just like we exclude data-size, data-position, and data-offset from fit_config_check_sig, we must exclude them while signing as well. Fixes: 8edecd3110e ("fit: Fix verification of images with external data") Fixes: c522949a29d ("rsa: sig: fix config signature check for fit with padding") Signed-off-by: Sean Anderson --- tools/image-host.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/image-host.c b/tools/image-host.c index 698adfb3e1d..5ba6e3bbce0 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -917,7 +917,12 @@ static int fit_config_get_regions(const void *fit, int conf_noffset, int *region_countp, char **region_propp, int *region_proplen) { - char * const exc_prop[] = {"data"}; + char * const exc_prop[] = { + "data", + "data-size", + "data-position", + "data-offset" + }; struct strlist node_inc; struct image_region *region; struct fdt_region fdt_regions[100];