
[v2,3/3] mkimage: fit: don't cipher ciphered data

Message ID 20200730042215.409016-4-patrick.oppenlander@gmail.com
State Accepted
Commit b33e5cc18263d438d11bb9a728b4117cc560cae4
Delegated to: Tom Rini
Series [v2,1/3] mkimage: fit: only process one cipher node

Commit Message

Patrick Oppenlander July 30, 2020, 4:22 a.m. UTC
From: Patrick Oppenlander <patrick.oppenlander@gmail.com>

Previously, mkimage -F could be run multiple times causing already
ciphered image data to be ciphered again.

Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
---
 tools/image-host.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

Comments

Philippe REYNES July 30, 2020, 1:58 p.m. UTC | #1
Hi Patrick,


> From: Patrick Oppenlander <patrick.oppenlander@gmail.com>
> 
> Previously, mkimage -F could be run multiple times causing already
> ciphered image data to be ciphered again.

Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
 
> Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>


Regards,
Philippe


> ---
> tools/image-host.c | 15 ++++++++++++++-
> 1 file changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/image-host.c b/tools/image-host.c
> index b4603c5f01..e5417beee5 100644
> --- a/tools/image-host.c
> +++ b/tools/image-host.c
> @@ -482,7 +482,7 @@ int fit_image_cipher_data(const char *keydir, void *keydest,
> const char *image_name;
> const void *data;
> size_t size;
> - int cipher_node_offset;
> + int cipher_node_offset, len;
> 
> /* Get image name */
> image_name = fit_get_name(fit, image_noffset, NULL);
> @@ -497,6 +497,19 @@ int fit_image_cipher_data(const char *keydir, void
> *keydest,
> return -1;
> }
> 
> + /*
> + * Don't cipher ciphered data.
> + *
> + * If the data-size-unciphered property is present the data for this
> + * image is already encrypted. This is important as 'mkimage -F' can be
> + * run multiple times on a FIT image.
> + */
> + if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len))
> + return 0;
> + if (len != -FDT_ERR_NOTFOUND) {
> + printf("Failure testing for data-size-unciphered\n");
> + return -1;
> + }
> 
> /* Process cipher node if present */
> cipher_node_offset = fdt_subnode_offset(fit, image_noffset,
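Review bot: the failure path at `if (len != -FDT_ERR_NOTFOUND)` prints a fixed string that names neither the image nor the libfdt error, so on a FIT with several images the user cannot tell which node failed or why. `image_name` is already fetched earlier in this function and `len` holds the negative libfdt code at this point, so a message along the lines of `printf("Failure testing for data-size-unciphered in image '%s': %s\n", image_name, fdt_strerror(len));` would make the error actionable.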
> --
> 2.27.0
Tom Rini Aug. 8, 2020, 12:29 p.m. UTC | #2
On Thu, Jul 30, 2020 at 02:22:15PM +1000, patrick.oppenlander@gmail.com wrote:

> From: Patrick Oppenlander <patrick.oppenlander@gmail.com>
> 
> Previously, mkimage -F could be run multiple times causing already
> ciphered image data to be ciphered again.
> 
> Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
> Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>

Applied to u-boot/master, thanks!

Patch

diff --git a/tools/image-host.c b/tools/image-host.c
index b4603c5f01..e5417beee5 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -482,7 +482,7 @@  int fit_image_cipher_data(const char *keydir, void *keydest,
 	const char *image_name;
 	const void *data;
 	size_t size;
-	int cipher_node_offset;
+	int cipher_node_offset, len;
 
 	/* Get image name */
 	image_name = fit_get_name(fit, image_noffset, NULL);
@@ -497,6 +497,19 @@  int fit_image_cipher_data(const char *keydir, void *keydest,
 		return -1;
 	}
 
+	/*
+	 * Don't cipher ciphered data.
+	 *
+	 * If the data-size-unciphered property is present the data for this
+	 * image is already encrypted. This is important as 'mkimage -F' can be
+	 * run multiple times on a FIT image.
+	 */
+	if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len))
+		return 0;
+	if (len != -FDT_ERR_NOTFOUND) {
+		printf("Failure testing for data-size-unciphered\n");
+		return -1;
+	}
 
 	/* Process cipher node if present */
 	cipher_node_offset = fdt_subnode_offset(fit, image_noffset,
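Review bot: the `return 0` after the `fdt_getprop()` test treats the mere presence of data-size-unciphered as proof that the data is already encrypted; neither the property's value nor the length returned in `len` is examined, and the skip is silent. A node carrying a stale or hand-added data-size-unciphered therefore keeps its data exactly as it is while mkimage reports success, and rerunning 'mkimage -F' after changing the cipher node or the key directory is a no-op with no indication to the user. Consider printing a message that names the image when it is skipped, and stating in the comment that this property is the only marker used, so users know to regenerate the FIT rather than rerun -F when the key changes.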