Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.2/patches/2220979/?format=api
{ "id": 2220979, "url": "http://patchwork.ozlabs.org/api/1.2/patches/2220979/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20260408150201.217942-4-paul.henrys_ext@softathome.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/1.2/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260408150201.217942-4-paul.henrys_ext@softathome.com>", "list_archive_url": null, "date": "2026-04-08T15:02:01", "name": "[v5,3/3] tools: binman: Test signing an encrypted FIT with a preload header", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "b5431ff3ddfbdb9251d43a3f9ab5b08e919aeede", "submitter": { "id": 83555, "url": "http://patchwork.ozlabs.org/api/1.2/people/83555/?format=api", "name": "Paul HENRYS", "email": "paul.henrys_ext@softathome.com" }, "delegate": { "id": 3651, "url": "http://patchwork.ozlabs.org/api/1.2/users/3651/?format=api", "username": "trini", "first_name": "Tom", "last_name": "Rini", "email": "trini@ti.com" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260408150201.217942-4-paul.henrys_ext@softathome.com/mbox/", "series": [ { "id": 499152, "url": "http://patchwork.ozlabs.org/api/1.2/series/499152/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=499152", "date": "2026-04-08T15:02:01", "name": "binman: Fix preload signing with encrypted FIT", "version": 5, "mbox": "http://patchwork.ozlabs.org/series/499152/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2220979/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2220979/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com\n header.b=t43wsovn;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=none (p=none dis=none) header.from=softathome.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.b=\"t43wsovn\";\n\tdkim-atps=neutral", "phobos.denx.de; dmarc=none (p=none dis=none)\n header.from=softathome.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=paul.henrys_ext@softathome.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frRB575R1z1yD3\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 09 Apr 2026 01:02:21 +1000 (AEST)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 46869840AB;\n\tWed, 8 Apr 2026 17:02:19 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id 1E2DC838BB; Wed, 8 Apr 2026 17:02:18 +0200 (CEST)", "from PR0P264CU014.outbound.protection.outlook.com\n (mail-francecentralazlp170120004.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c20a::4])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 22686838BB\n for <u-boot+nodisclaimer@lists.denx.de>;\n Wed, 8 Apr 2026 17:02:16 +0200 (CEST)", "from PA7P264CA0321.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:395::24)\n by PR0P264MB2600.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:1e3::23)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Wed, 8 Apr\n 2026 15:02:14 +0000", "from PA2PEPF00019230.FRAP264.PROD.OUTLOOK.COM\n (2603:10a6:102:395:cafe::2) by PA7P264CA0321.outlook.office365.com\n (2603:10a6:102:395::24) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.37 via Frontend Transport; Wed,\n 8 Apr 2026 15:02:13 +0000", "from proxy.softathome.com (149.6.166.170) by\n PA2PEPF00019230.mail.protection.outlook.com (10.167.242.36) with Microsoft\n SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.17\n via Frontend Transport; Wed, 8 Apr 2026 15:02:13 +0000", "from sah2lpt245.. (unknown [192.168.72.183])\n by proxy.softathome.com (Postfix) with ESMTPSA id EDF01209C3;\n Wed, 8 Apr 2026 17:02:09 +0200 (CEST)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=0.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS,\n SUSPICIOUS_RECIPS autolearn=no autolearn_force=no version=3.4.2", "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=Blynj630W1iVjphAfoEC9X0tJyqcdGJiQ1pCyQR83Fo8pKFNddMGCtu5PWWVoniwXfGE8qOWjeayQFId9xErvb7fwlgpinOVE3DRg0mbLUhtuceAlR2+6sETNaliq7TZP174Q6A+Fx1U+6I2UVjIYil6IZQBTeDQUACby7C3vajYGyr60+oHzPcQK0BiP6IivSErBU2rwbCiU0C7t9Dz05GWepjQ45h9tMPb/cuj007CQ1GpVtr4XDnMjExxvsacoIKnk25fQ2jnR6OTfcCLrveWzhoSPZARfYfIhl65G8/UoB8qGWH+G+uWW9OnNfMmP6CS8kZAxzpog/tMvOyjpA==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=V+XGNEs4XhoUCrBu7LKXt85dpcC9ALXOlQSDrK+56U0=;\n b=P3g99casYxf4BE9r+VnT9cky/30wzlYZdP7afG4MXJCzxDgDvhdAYBfqVBiS1+CO0nZyQALMeOM2YR2IK0jTCKacsZpuBl2kckhUsGfTJtyvfPB9pHzNyCcAdSbCkUusGclBty1xe+2JSLjHQJ2HxtUaqqVl+7fJoHnz6/ZynUu4DxUDcQDoTtZMRZZrnavi0ue/vdUGGzeioEVrlMAL+cB6U6CXJVTPydgebF7+Q+O/Hb6Ut+TqQWOI9Y+FQ4WTCGrpDP8SOx0/p2vZp2cRfeEGPjqjfJCXyaQOx7bKDqWb2OEoMu7widDtTvZA/ReCsqHGecPkj/HGlIuWZeczfg==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 149.6.166.170) smtp.rcpttodomain=chromium.org smtp.mailfrom=softathome.com;\n dmarc=bestguesspass action=none header.from=softathome.com; dkim=none\n (message not signed); arc=none (0)", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=V+XGNEs4XhoUCrBu7LKXt85dpcC9ALXOlQSDrK+56U0=;\n b=t43wsovnW7DRCpINOLDDiUlkocjPwhvG1xTtVETUuFz9rjYey0ohg6/4L9UN9dMEZEXoN/sEd8OBKoMsklJiiIXrCBE7L4X6qyjOleJ+/va1r1Se5Cz9ST6GE1ka72KoKykgvpfWz+vWUNABpynFEriKUnASaRFf72Ie+KZZUoiLotOmKa7HklMQ3rvz6bjdj1VGpAlVpwScHMiuvugpa2YsM0kU4RzC+ThFZ9xfVmv9vX+V2FqanlPjbdSw+ZQxygXYyqoWjIf88sPBVIBM6dzXJ9FVhWaPrZmMcweNWQjTNJ65nu4qxXWIE0MsNdnPqfOhF/K4Ew2aMeZlwHaUFQ==", "X-MS-Exchange-Authentication-Results": "spf=pass (sender IP is 149.6.166.170)\n smtp.mailfrom=softathome.com; dkim=none (message not signed)\n header.d=none;dmarc=bestguesspass action=none header.from=softathome.com;", "Received-SPF": "Pass (protection.outlook.com: domain of softathome.com\n designates 149.6.166.170 as permitted sender)\n receiver=protection.outlook.com; client-ip=149.6.166.170;\n helo=proxy.softathome.com; pr=C", "From": "Paul HENRYS <paul.henrys_ext@softathome.com>", "To": "u-boot+nodisclaimer@lists.denx.de", "Cc": "sjg+nodisclaimer@chromium.org, trini+nodisclaimer@konsulko.com,\n alpernebiyasak+nodisclaimer@gmail.com,\n philippe.reynes+nodisclaimer@softathome.com,\n Paul HENRYS <paul.henrys_ext@softathome.com>", "Subject": "[PATCH v5 3/3] tools: binman: Test signing an encrypted FIT with a\n preload header", "Date": "Wed, 8 Apr 2026 17:02:01 +0200", "Message-ID": "<20260408150201.217942-4-paul.henrys_ext@softathome.com>", "X-Mailer": "git-send-email 2.43.0", "In-Reply-To": "<20260408150201.217942-1-paul.henrys_ext@softathome.com>", "References": "<20260403075528.1150196-3-paul.henrys_ext@softathome.com>\n <20260408150201.217942-1-paul.henrys_ext@softathome.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-EOPAttributedMessage": "0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "PA2PEPF00019230:EE_|PR0P264MB2600:EE_", "Content-Type": "text/plain", "X-MS-Office365-Filtering-Correlation-Id": "4b323b71-d7f4-4c10-4eef-08de957fd15b", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;\n ARA:13230040|1800799024|82310400026|376014|36860700016|18002099003|22082099003|17002099007|56012099003;", "X-Microsoft-Antispam-Message-Info": "\n C6UwUyc158MdVETUre3k/4/udEaXkcUaz7cOiugon+2qh+IeuNIC5nerhhWZ3bC02S909z2qgcU5h4zFLnr6iLND95ccpgdvhpcCJ/NoI81euJJDu5YrSrtTEMbytY24Vx/4mihHIcI5Sb85906J9+NvAL8F+/4+ncrWCt8jSMqYqEFLoXlWz3xuZTECHk8g3NDfbwSEVakdA0Ar5abE34a0VSdO5xa4jCuHb5uQja5afjY1sA7dhzOhLaSPUKABAFIGgeiE3BCJpOyHg6MlWFpfsEHRPd27nbYC/Lsz53Z0nBfw2fgVjFiY2XqfiSg99VQxMtuemfr1NvLCmnRUSqb/i8ZCf8UuIIXnBmWFybVavlQTyp4gb0K2i6qKAEjPH5rtyvcQG+IziNlJ8ZRRmOEhmV5kT9G8ZsEgjDuM6m2rwdjPyhq5UPtJn80HvifCjROaSqeDe09819aRfMAZNvty0yabQ0wiacT41zH7c/jOLnLZ3drHUgRF0fCtT8BYgDjiQyzPL+DlnSxg1e5s1rKX8InkwDubnm/eYw7mwC2WCqyYk46zTydkR9kjL2uvM5x/ICt4Cxo+/6XfzSVdoo414/wpm9a+tcJKyL7T1BIslrvoymQVVMNEGlkgGWKLjugODryDKepiildvKKHGfdKmuKi/WL3mXeJAabXgpjdDbqP/VAMFAvOdws8h7kxk5tkgutLX8FHIIJFLKyNSST8zzveOoKzA6SfIBlmYcZ/O/1wacd+osiTWe6xl5ktRLO6PfYnRG/rGVY4v4As7YA==", "X-Forefront-Antispam-Report": "CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:;\n IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(1800799024)(82310400026)(376014)(36860700016)(18002099003)(22082099003)(17002099007)(56012099003);\n DIR:OUT; SFP:1101;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "1", "X-MS-Exchange-AntiSpam-MessageData-0": "\n +dHaxyVjeHJxAnR7WEtMBpNbY5MirTmSq8AY5+c+ltukfpXV+gok++HL9tO0aiO29/TVFB9V97tRlY5rqtNJSFhciIiwaz6eE7UtE5ay6L1bLEmgZEgd/15cxhZQC0rWSkyuhwoH1YePGWQWrDCUBqI37II0fnfjFQyTB5xd8rnMQVvtQvxJeANQ33zPdyHgQmTfzkaRhVt8/R7kb5yCIVqTZunOxPYN2UguL0PUy8wQm/r1GeOKIDxLG+In+WXloo8IvVkXc57uz5CorWw/9mpGee6hGWsI6HTKy+zsqC6S0zxbltweJhVqgpi8MEd2Aw0AzdDvR6Fqgoaa/qAjlM9eFDFmh9zPlbTfeASiv6mtyqDUpk6mhX9zVpAe+gC5wvL3Y66womt+FaPViUhXsOt06oXcaZY7Wt5u6A6xasNrT9Z3uIOET+0PIhl07qqp", "X-OriginatorOrg": "softathome.com", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "08 Apr 2026 15:02:13.6258 (UTC)", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n 4b323b71-d7f4-4c10-4eef-08de957fd15b", "X-MS-Exchange-CrossTenant-Id": "aa10e044-e405-4c10-8353-36b4d0cce511", "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp": "\n TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170];\n Helo=[proxy.softathome.com]", "X-MS-Exchange-CrossTenant-AuthSource": "PA2PEPF00019230.FRAP264.PROD.OUTLOOK.COM", "X-MS-Exchange-CrossTenant-AuthAs": "Anonymous", "X-MS-Exchange-CrossTenant-FromEntityHeader": "HybridOnPrem", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "PR0P264MB2600", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "Add a test to verify the preload header correctly signs an encrypted\nFIT. This test exercises the case where encryption uses random IVs that\nwould change between mkimage calls.\n\nSigned-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>\n---\n\nChanges in v5:\n- No changes\n\n tools/binman/ftest.py | 21 +++++++\n .../test/security/pre_load_fit_encrypted.dts | 63 +++++++++++++++++++\n 2 files changed, 84 insertions(+)\n create mode 100644 tools/binman/test/security/pre_load_fit_encrypted.dts", "diff": "diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py\nindex ca5149ee654..da8325f820a 100644\n--- a/tools/binman/ftest.py\n+++ b/tools/binman/ftest.py\n@@ -5895,6 +5895,27 @@ fdt fdtmap Extract the devicetree blob from the fdtmap\n data = self._DoReadFileDtb('security/pre_load_invalid_key.dts',\n entry_args=entry_args)\n \n+ def testPreLoadEncryptedFit(self):\n+ \"\"\"Test an encrypted FIT image with a pre-load header\"\"\"\n+ entry_args = {\n+ 'pre-load-key-path': os.path.join(self._binman_dir, 'test'),\n+ }\n+ data = tools.read_file(self.TestFile(\"fit/aes256.bin\"))\n+ self._MakeInputFile(\"keys/aes256.bin\", data)\n+\n+ keys_subdir = os.path.join(self._indir, \"keys\")\n+ data = self._DoReadFileDtb(\n+ 'security/pre_load_fit_encrypted.dts', entry_args=entry_args,\n+ extra_indirs=[keys_subdir])[0]\n+\n+ image_fname = tools.get_output_filename('image.bin')\n+ is_signed = self._CheckPreload(image_fname, self.TestFile(\"dev.key\"))\n+\n+ self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])\n+ self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])\n+ self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)])\n+ self.assertEqual(is_signed, True)\n+\n def _CheckSafeUniqueNames(self, *images):\n \"\"\"Check all entries of given images for unsafe unique names\"\"\"\n for image in images:\ndiff --git a/tools/binman/test/security/pre_load_fit_encrypted.dts b/tools/binman/test/security/pre_load_fit_encrypted.dts\nnew file mode 100644\nindex 00000000000..f5e9bf9426c\n--- /dev/null\n+++ b/tools/binman/test/security/pre_load_fit_encrypted.dts\n@@ -0,0 +1,63 @@\n+// SPDX-License-Identifier: GPL-2.0+\n+\n+/dts-v1/;\n+\n+/ {\n+\t#address-cells = <1>;\n+\t#size-cells = <1>;\n+\n+\tbinman {\n+\t\tpre-load {\n+\t\t\tcontent = <&image>;\n+\t\t\talgo-name = \"sha256,rsa2048\";\n+\t\t\tkey-name = \"dev.key\";\n+\t\t\theader-size = <4096>;\n+\t\t\tversion = <0x11223344>;\n+\t\t};\n+\n+\t\timage: fit {\n+\t\t\tfit,encrypt;\n+\t\t\tdescription = \"Test a FIT with encrypted data and signed with a preload\";\n+\t\t\t#address-cells = <1>;\n+\n+\t\t\timages {\n+\t\t\t\tu-boot {\n+\t\t\t\t\tdescription = \"U-Boot\";\n+\t\t\t\t\ttype = \"firmware\";\n+\t\t\t\t\tarch = \"arm64\";\n+\t\t\t\t\tos = \"U-Boot\";\n+\t\t\t\t\tcompression = \"none\";\n+\t\t\t\t\tload = <00000000>;\n+\t\t\t\t\tentry = <00000000>;\n+\t\t\t\t\tcipher {\n+\t\t\t\t\t\talgo = \"aes256\";\n+\t\t\t\t\t\tkey-name-hint = \"aes256\";\n+\t\t\t\t\t};\n+\t\t\t\t\tu-boot-nodtb {\n+\t\t\t\t\t};\n+\t\t\t\t};\n+\t\t\t\tfdt-1 {\n+\t\t\t\t\tdescription = \"Flattened Device Tree blob\";\n+\t\t\t\t\ttype = \"flat_dt\";\n+\t\t\t\t\tarch = \"arm64\";\n+\t\t\t\t\tcompression = \"none\";\n+\t\t\t\t\tcipher {\n+\t\t\t\t\t\talgo = \"aes256\";\n+\t\t\t\t\t\tkey-name-hint = \"aes256\";\n+\t\t\t\t\t};\n+\t\t\t\t\tu-boot-dtb {\n+\t\t\t\t\t};\n+\t\t\t\t};\n+\t\t\t};\n+\n+\t\t\tconfigurations {\n+\t\t\t\tdefault = \"conf-1\";\n+\t\t\t\tconf-1 {\n+\t\t\t\t\tdescription = \"Boot U-Boot with FDT blob\";\n+\t\t\t\t\tfirmware = \"u-boot\";\n+\t\t\t\t\tfdt = \"fdt-1\";\n+\t\t\t\t};\n+\t\t\t};\n+\t\t};\n+\t};\n+};\n", "prefixes": [ "v5", "3/3" ] }