| Message ID | 20191203210618.28614-1-dariobin@libero.it |
|---|---|
| State | Rejected |
| Delegated to: | Tom Rini |
| Headers | show |
| Series | spl: fit: enable hash control even without signature | expand |
On Tue, Dec 03, 2019 at 10:06:18PM +0100, Dario Binacchi wrote: > The function "fit_image_verify_with_data" that performs the integrity > protection of FIT images is already able to correctly manage the device > tree nodes that require signature and/or hash control. > Tests with device tree with or without hash nodes but certainly not > signed have given positive results. Furthermore, the hash calculation > is performed only if the hash property has been detected, without > adding unnecessary calculations. > It is therefore useless and limiting to enable hash control only in > the case of a signed image. > > Signed-off-by: Dario Binacchi <dariobin@libero.it> > --- > > common/spl/spl_fit.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c > index cbc00a4e7c..58ba40cb2f 100644 > --- a/common/spl/spl_fit.c > +++ b/common/spl/spl_fit.c > @@ -242,14 +242,12 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector, > src = (void *)data; > } > > -#ifdef CONFIG_SPL_FIT_SIGNATURE > printf("## Checking hash(es) for Image %s ... ", > fit_get_name(fit, node, NULL)); > if (!fit_image_verify_with_data(fit, node, > src, length)) > return -EPERM; > puts("OK\n"); > -#endif > > #ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS > board_fit_image_post_process(&src, &length); This makes a massive number (of mainly sunxi boards in SPL) fail to link due to size overflows as we're no longer discarding a lot of code I believe.
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index cbc00a4e7c..58ba40cb2f 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -242,14 +242,12 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector, src = (void *)data; } -#ifdef CONFIG_SPL_FIT_SIGNATURE printf("## Checking hash(es) for Image %s ... ", fit_get_name(fit, node, NULL)); if (!fit_image_verify_with_data(fit, node, src, length)) return -EPERM; puts("OK\n"); -#endif #ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS board_fit_image_post_process(&src, &length);
The function "fit_image_verify_with_data" that performs the integrity protection of FIT images is already able to correctly manage the device tree nodes that require signature and/or hash control. Tests with device tree with or without hash nodes but certainly not signed have given positive results. Furthermore, the hash calculation is performed only if the hash property has been detected, without adding unnecessary calculations. It is therefore useless and limiting to enable hash control only in the case of a signed image. Signed-off-by: Dario Binacchi <dariobin@libero.it> --- common/spl/spl_fit.c | 2 -- 1 file changed, 2 deletions(-)