Message ID | 20200730042215.409016-4-patrick.oppenlander@gmail.com |
---|---|
State | Accepted |
Commit | b33e5cc18263d438d11bb9a728b4117cc560cae4 |
Delegated to: | Tom Rini |
Headers | show |
Series | [v2,1/3] mkimage: fit: only process one cipher node | expand |
Hi Patrick, > From: Patrick Oppenlander <patrick.oppenlander@gmail.com> > > Previously, mkimage -F could be run multiple times causing already > ciphered image data to be ciphered again. Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> > Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> Regards, Philippe > --- > tools/image-host.c | 15 ++++++++++++++- > 1 file changed, 14 insertions(+), 1 deletion(-) > > diff --git a/tools/image-host.c b/tools/image-host.c > index b4603c5f01..e5417beee5 100644 > --- a/tools/image-host.c > +++ b/tools/image-host.c > @@ -482,7 +482,7 @@ int fit_image_cipher_data(const char *keydir, void *keydest, > const char *image_name; > const void *data; > size_t size; > - int cipher_node_offset; > + int cipher_node_offset, len; > > /* Get image name */ > image_name = fit_get_name(fit, image_noffset, NULL); > @@ -497,6 +497,19 @@ int fit_image_cipher_data(const char *keydir, void > *keydest, > return -1; > } > > + /* > + * Don't cipher ciphered data. > + * > + * If the data-size-unciphered property is present the data for this > + * image is already encrypted. This is important as 'mkimage -F' can be > + * run multiple times on a FIT image. > + */ > + if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len)) > + return 0; > + if (len != -FDT_ERR_NOTFOUND) { > + printf("Failure testing for data-size-unciphered\n"); > + return -1; > + } > > /* Process cipher node if present */ > cipher_node_offset = fdt_subnode_offset(fit, image_noffset, > -- > 2.27.0
On Thu, Jul 30, 2020 at 02:22:15PM +1000, patrick.oppenlander@gmail.com wrote: > From: Patrick Oppenlander <patrick.oppenlander@gmail.com> > > Previously, mkimage -F could be run multiple times causing already > ciphered image data to be ciphered again. > > Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com> > Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com> Applied to u-boot/master, thanks!
diff --git a/tools/image-host.c b/tools/image-host.c index b4603c5f01..e5417beee5 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -482,7 +482,7 @@ int fit_image_cipher_data(const char *keydir, void *keydest, const char *image_name; const void *data; size_t size; - int cipher_node_offset; + int cipher_node_offset, len; /* Get image name */ image_name = fit_get_name(fit, image_noffset, NULL); @@ -497,6 +497,19 @@ int fit_image_cipher_data(const char *keydir, void *keydest, return -1; } + /* + * Don't cipher ciphered data. + * + * If the data-size-unciphered property is present the data for this + * image is already encrypted. This is important as 'mkimage -F' can be + * run multiple times on a FIT image. + */ + if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len)) + return 0; + if (len != -FDT_ERR_NOTFOUND) { + printf("Failure testing for data-size-unciphered\n"); + return -1; + } /* Process cipher node if present */ cipher_node_offset = fdt_subnode_offset(fit, image_noffset,