mkimage: fit: Fix signing of configs with external data

Just like we exclude data-size, data-position, and data-offset from fit_config_check_sig, we must exclude them while signing as well. While we're at it, use the FIT_DATA_* defines for fit_config_check_sig as welll. Fixes: 8edecd3110 ("fit: Fix verification of images with external data") Fixes: c522949a29 ("rsa: sig: fix config signature check for fit with padding") Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-10-20 15:41:10 -04:00 · 2022-10-20 15:41:10 -04:00 · 0abe3323f5
commit 0abe3323f5
parent b487387226
2 changed files with 10 additions and 5 deletions
--- a/boot/image-fit-sig.c
+++ b/boot/image-fit-sig.c
@ -260,10 +260,10 @@ static int fit_config_check_sig(const void *fit, int noffset, int conf_noffset,
 				char **err_msgp)
 {
 	static char * const exc_prop[] = {
-		"data",
-		"data-size",
-		"data-position",
-		"data-offset"
+		FIT_DATA_PROP,
+		FIT_DATA_SIZE_PROP,
+		FIT_DATA_POSITION_PROP,
+		FIT_DATA_OFFSET_PROP,
 	};

 	const char *prop, *end, *name;
--- a/tools/image-host.c
+++ b/tools/image-host.c
@ -915,7 +915,12 @@ static int fit_config_get_regions(const void *fit, int conf_noffset,
 				  int *region_countp, char **region_propp,
 				  int *region_proplen)
 {
-	char * const exc_prop[] = {"data"};
+	char * const exc_prop[] = {
+		FIT_DATA_PROP,
+		FIT_DATA_SIZE_PROP,
+		FIT_DATA_POSITION_PROP,
+		FIT_DATA_OFFSET_PROP,
+	};
 	struct strlist node_inc;
 	struct image_region *region;
 	struct fdt_region fdt_regions[100];