From patchwork Tue Feb 21 20:19:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Pali_Roh=C3=A1r?= X-Patchwork-Id: 1745901 X-Patchwork-Delegate: sr@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256 header.s=k20201202 header.b=RVrWKL46; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PLrZL1YDXz23j7 for ; Wed, 22 Feb 2023 07:32:42 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 72BD285B7A; Tue, 21 Feb 2023 21:24:36 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="RVrWKL46"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 976D785B54; Tue, 21 Feb 2023 21:23:54 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 9258785A6B for ; Tue, 21 Feb 2023 21:22:45 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=pali@kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7D01A611F3; Tue, 21 Feb 2023 20:22:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 32B1EC433EF; Tue, 21 Feb 2023 20:22:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1677010955; bh=xtBejRyPjsdX+RDw+vi+R9nVIcjqn5MQLExK/0C7GHs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RVrWKL46CSGiAyox1miaH0vvDs26OIBioqpf36OLtiBYjw4L/BTTQ9EUzvDHeeauR 46FgRC78Pete3Ah8sEUDTzDmQy4ocRtfJAT6L1Bq2SU/PvJ8bwQntBCBf+n2KjqymA O7OjNLOl3hjXm+tWrmHAz+LzVHBJAeMY6L7cXCQkkKHASrKC9N37RGb6RLhd96tsGg Yiir0n7X0SNvDQM6+IUbJ2qRXAXrh1+xqquIgK7IeWdvUMZM4naNXG8cYJRUzCVvUn xTgOxrUvsIe+kc5OPezypUimkm+3Avgg3qpuTg6DnoR+1iIEG+90D+wEy4KZkDmVoG v2Cx3FIaEGZ0g== Received: by pali.im (Postfix) id E3A3D9E0; Tue, 21 Feb 2023 21:22:34 +0100 (CET) From: =?utf-8?q?Pali_Roh=C3=A1r?= To: u-boot@lists.denx.de Cc: Stefan Roese , Tony Dinh , Josua Mayer Subject: [PATCH RFC u-boot-mvebu 43/59] tools: kwbimage: Fix generating secure boot data image signature Date: Tue, 21 Feb 2023 21:19:09 +0100 Message-Id: <20230221201925.9644-44-pali@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20230221201925.9644-1-pali@kernel.org> References: <20230221201925.9644-1-pali@kernel.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean Secure boot data image signature is calculated from the data image without trailing 4-bit checksum. Commit 37cb9c15d70d ("tools: kwbimage: Simplify aligning and calculating checksum") unintentionally broke this calculation when it increased payloadsz variable by 4 bytes which was propagated also into the add_secure_header_v1() function. Fix this issue by decreasing size of buffer by 4 bytes from which is calculated secure boot data image signature. Fixes: 37cb9c15d70d ("tools: kwbimage: Simplify aligning and calculating checksum") Signed-off-by: Pali Rohár --- tools/kwbimage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/kwbimage.c b/tools/kwbimage.c index b32f845b7e2d..a8a59c154b9c 100644 --- a/tools/kwbimage.c +++ b/tools/kwbimage.c @@ -1355,7 +1355,7 @@ static int add_secure_header_v1(struct image_tool_params *params, uint8_t *image if (kwb_sign_csk_with_kak(params, secure_hdr, csk)) return 1; - if (kwb_sign_and_verify(csk, image_ptr, image_size, + if (kwb_sign_and_verify(csk, image_ptr, image_size - 4, &secure_hdr->imgsig, "image") < 0) return 1;