| Message ID | 20230221201925.9644-44-pali@kernel.org |
|---|---|
| State | Accepted |
| Commit | bf78a57e9a84ef4c882acd8c8710d364ed90730e |
| Delegated to: | Stefan Roese |
| Headers | show
Return-Path: <u-boot-bounces@lists.denx.de> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256 header.s=k20201202 header.b=RVrWKL46; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PLrZL1YDXz23j7 for <incoming@patchwork.ozlabs.org>; Wed, 22 Feb 2023 07:32:42 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 72BD285B7A; Tue, 21 Feb 2023 21:24:36 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="RVrWKL46"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 976D785B54; Tue, 21 Feb 2023 21:23:54 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 9258785A6B for <u-boot@lists.denx.de>; Tue, 21 Feb 2023 21:22:45 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=pali@kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7D01A611F3; Tue, 21 Feb 2023 20:22:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 32B1EC433EF; Tue, 21 Feb 2023 20:22:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1677010955; bh=xtBejRyPjsdX+RDw+vi+R9nVIcjqn5MQLExK/0C7GHs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RVrWKL46CSGiAyox1miaH0vvDs26OIBioqpf36OLtiBYjw4L/BTTQ9EUzvDHeeauR 46FgRC78Pete3Ah8sEUDTzDmQy4ocRtfJAT6L1Bq2SU/PvJ8bwQntBCBf+n2KjqymA O7OjNLOl3hjXm+tWrmHAz+LzVHBJAeMY6L7cXCQkkKHASrKC9N37RGb6RLhd96tsGg Yiir0n7X0SNvDQM6+IUbJ2qRXAXrh1+xqquIgK7IeWdvUMZM4naNXG8cYJRUzCVvUn xTgOxrUvsIe+kc5OPezypUimkm+3Avgg3qpuTg6DnoR+1iIEG+90D+wEy4KZkDmVoG v2Cx3FIaEGZ0g== Received: by pali.im (Postfix) id E3A3D9E0; Tue, 21 Feb 2023 21:22:34 +0100 (CET) From: =?utf-8?q?Pali_Roh=C3=A1r?= <pali@kernel.org> To: u-boot@lists.denx.de Cc: Stefan Roese <sr@denx.de>, Tony Dinh <mibodhi@gmail.com>, Josua Mayer <josua@solid-run.com> Subject: [PATCH RFC u-boot-mvebu 43/59] tools: kwbimage: Fix generating secure boot data image signature Date: Tue, 21 Feb 2023 21:19:09 +0100 Message-Id: <20230221201925.9644-44-pali@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20230221201925.9644-1-pali@kernel.org> References: <20230221201925.9644-1-pali@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion <u-boot.lists.denx.de> List-Unsubscribe: <https://lists.denx.de/options/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=unsubscribe> List-Archive: <https://lists.denx.de/pipermail/u-boot/> List-Post: <mailto:u-boot@lists.denx.de> List-Help: <mailto:u-boot-request@lists.denx.de?subject=help> List-Subscribe: <https://lists.denx.de/listinfo/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=subscribe> Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de> X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean |
| Series |
arm: mvebu: Various fixes
|
expand
|
diff --git a/tools/kwbimage.c b/tools/kwbimage.c index b32f845b7e2d..a8a59c154b9c 100644 --- a/tools/kwbimage.c +++ b/tools/kwbimage.c @@ -1355,7 +1355,7 @@ static int add_secure_header_v1(struct image_tool_params *params, uint8_t *image if (kwb_sign_csk_with_kak(params, secure_hdr, csk)) return 1; - if (kwb_sign_and_verify(csk, image_ptr, image_size, + if (kwb_sign_and_verify(csk, image_ptr, image_size - 4, &secure_hdr->imgsig, "image") < 0) return 1;
Secure boot data image signature is calculated from the data image without trailing 4-bit checksum. Commit 37cb9c15d70d ("tools: kwbimage: Simplify aligning and calculating checksum") unintentionally broke this calculation when it increased payloadsz variable by 4 bytes which was propagated also into the add_secure_header_v1() function. Fix this issue by decreasing size of buffer by 4 bytes from which is calculated secure boot data image signature. Fixes: 37cb9c15d70d ("tools: kwbimage: Simplify aligning and calculating checksum") Signed-off-by: Pali Rohár <pali@kernel.org> --- tools/kwbimage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)