The hash should include the entire header, which is actually 1536 bytes long. It seems that the hash is not checked for unsigned images and thus this wasn't an issue until now.
If the hash is used for signing the image, hashing 1535 bytes instead of 1536 bytes causes a verification failure. Signed-off-by: Michael Tretter <m.tret...@pengutronix.de> --- scripts/rkimage.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/rkimage.c b/scripts/rkimage.c index b31893fe8f451b4c70dfb55005529ac21cc74156..ba89f32d9376d0153692baa3ddde1c793c1e4cc2 100644 --- a/scripts/rkimage.c +++ b/scripts/rkimage.c @@ -98,9 +98,9 @@ static int create_newidb(struct newidb *idb) } if (hash_type == HASH_TYPE_SHA256) - sha256(idbu8, 1535, idbu8 + 1536); + sha256(idbu8, 1536, idbu8 + 1536); else if (hash_type == HASH_TYPE_SHA512) - sha512(idbu8, 1535, idbu8 + 1536); + sha512(idbu8, 1536, idbu8 + 1536); return 0; } -- 2.39.5
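Review bot: In create_newidb(), the header size is still a bare literal: after this change 1536 appears four times in the hunk, as the hashed length and as the digest offset in both the sha256() and sha512() calls (`sha256(idbu8, 1536, idbu8 + 1536);`). Consider a single named constant for the header size, or a size derived from the header layout, used for both arguments, so the hashed length and the position where the digest is written cannot drift apart the way 1535 and 1536 did. Since the commit message notes that the hash does not seem to be checked for unsigned images, it would also help to state in the message how the new length was confirmed against a signed image, because that is the only path where a wrong value shows up.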